THREAT SENTINEL
Back to Dashboard
VulnerabilitiesCritical

F5 BIG-IP APM Critical RCE Vulnerability Under Active Exploitation

Sunday, March 29, 2026
Global
CISA KEV

Summary

F5 BIG-IP APM contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.

Threat Analysis

**Vulnerability ID:** CVE-2025-53521 **CVSS Score:** 9.0 (CRITICAL) **⚠️ ACTIVELY EXPLOITED** - Added to CISA KEV Catalog **Required Action:** Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. **Due Date:** 2026-03-30

**Description:** F5 BIG-IP APM contains an unspecified vulnerability that could allow a threat actor to achieve remote code execution.

**Affected Products:** F5 BIG-IP

**Recent Coverage:** - [F5 BIG-IP APM Critical RCE Vulnerability Under Active Exploitation](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

**Recommended Actions:** - **URGENT:** Apply vendor patches immediately - Isolate affected systems if patches unavailable - Monitor for indicators of compromise

Last updated: Mar 29, 2026, 08:17 AM

Daily Intelligence

Stay Ahead of Threats

Subscribe to receive daily threat briefings delivered to your inbox. Be the first to know about emerging security risks.

No spamUnsubscribe anytimeDaily at 9 AM