F5 BIG-IP APM Critical RCE Vulnerability CVE-2025-53521 Actively Exploited

Thursday, April 2, 2026
Global
CISA KEV + The Hacker News

Summary

CISA added CVE-2025-53521 affecting F5 BIG-IP Access Policy Manager to its Known Exploited Vulnerabilities catalog after the flaw was reclassified from denial-of-service to remote code execution. Active exploitation has been confirmed in the wild.

Threat Analysis

CVE-2025-53521 is a critical vulnerability in F5 BIG-IP APM that was reclassified as RCE in March 2026. CISA added it to the KEV catalog on March 27, 2026. It is being actively exploited in the wild.

Affected Products: F5 BIG-IP Access Policy Manager (APM) all versions prior to the patched release.

Exploitation Status: Actively exploited. Threat actors are gaining unauthorized remote access to BIG-IP appliances.

Recommended Mitigations: (1) Apply F5's official security patches immediately. (2) Restrict management interface access to trusted IP ranges. (3) Monitor for anomalous traffic patterns. (4) Federal agencies must remediate per BOD 22-01 guidance.
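For mitigation (2), one way to audit a management-access allow-list against your trusted admin ranges. This is an added example, not code from F5 or CISA; the trusted ranges, the sample entries and the treatment of "all"/"any"/"*" as unrestricted are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: networks your organisation treats as trusted admin ranges (constructed).
TRUSTED = ["10.20.0.0/24", "192.0.2.16/28", "2001:db8:ad::/64"]

# Constructed sample: source entries exported from an appliance's
# management-access allow-list, one address or CIDR per entry.
SAMPLE_ALLOW = ["10.20.0.0/25", "192.0.2.0/24", "all",
                "203.0.113.7", "2001:db8:ad::5", "10.20.0.300"]


def audit_allow_list(entries, trusted):
    """Classify each allow-list entry relative to the trusted ranges.

    ok           - entirely inside a trusted range
    too-broad    - contains a trusted range but also addresses outside it
    untrusted    - no overlap with any trusted range
    unrestricted - matches every source (keyword or /0 prefix)
    unparseable  - not a valid address or CIDR; review by hand
    """
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    for raw in entries:
        entry = raw.strip()
        if entry.lower() in ("all", "any", "*"):  # assumed wildcard keywords
            findings.append((raw, "unrestricted"))
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((raw, "unparseable"))
            continue
        same = [t for t in trusted_nets if t.version == net.version]
        if net.prefixlen == 0:
            findings.append((raw, "unrestricted"))
        elif any(net.subnet_of(t) for t in same):
            findings.append((raw, "ok"))
        elif any(t.subnet_of(net) for t in same):
            findings.append((raw, "too-broad"))
        else:
            findings.append((raw, "untrusted"))
    return findings


if __name__ == "__main__":
    for entry, verdict in audit_allow_list(SAMPLE_ALLOW, TRUSTED):
        print(f"{verdict:12} {entry}")
```

Anything other than "ok" is a candidate for removal or narrowing before the interface is considered restricted.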

Last updated: Apr 2, 2026, 08:23 AM
