🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2025-53521: F5 BIG-IP Unspecified Vulnerability
Summary
F5 BIG-IP APM (a network access management tool) contains an unspecified vulnerability that allows attackers to achieve remote code execution (the ability to run commands on a system they don't own). This vulnerability is actively being exploited by real attackers in the wild, making it an urgent security concern.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Check for signs of potential compromise on all internet-accessible F5 products affected by this vulnerability. Consult F5's official guidelines and the referenced knowledge base articles at https://my.f5.com/manage/s/article/K000156741, https://my.f5.com/manage/s/article/K000160486, and https://my.f5.com/manage/s/article/K11438344 to assess exposure and mitigate risks.
Vulnerability Details
EPSS: 0.1%
Yes
🔥 Actively Exploited
March 26, 2026
Classification
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-53521
First tracked: March 28, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 65%