www.securityweek.com 3/30/2026, 7:24:48 AM · via preferred

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

Developing story vulnerability 8 articles tracked
F5 BIG-IP APM vulnerability (CVE-2025-53521) reclassified as unauthenticated RCE
CyberSIXT Evidence Panel
CISA KEV Listed in KEV
Patch Patch Available

ACCORDING to CISA, threat actors have been exploiting a critical remote code execution vulnerability in F5 BIG-IP, tracked as CVE-2025-53521, now classified as critical after an initial DoS disclosure in October 2025. The flaw carries a CVSS score of 9.3 and can be exploited on BIG-IP APM systems with an access policy configured on a virtual server, with the BIG-IP system in Appliance mode also affected.

F5 notes that CVE-2025-53521 impacts multiple versions, including 17.5.0–17.5.1, 17.1.0–17.1.2, 16.1.0–16.1.6, and 15.1.0–15.1.10, and patches are available in 17.5.1[.]3, 17.1.3, 16.1.6[.]1 and 15.1.10[.]8. SecurityWeek reports that the vulnerability has been exploited in the wild, and that F5 has published indicators of compromise (IOCs) associated with the activity. Agencies are urged to patch within the three-day window in the KEV list and apply mitigations for all CVEs listed by CISA.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline