F5 BIG-IP Flaw CVE-2025-53521 Upgraded to Critical RCE, Exploited in Wild
Summary
An F5 BIG-IP vulnerability (CVE-2025-53521) originally classified as a denial-of-service flaw has been reclassified as a critical Remote Code Execution vulnerability and is being actively exploited in the wild. CISA added it to the Known Exploited Vulnerabilities catalog on March 27, 2026, requiring urgent patching.
Threat Analysis
CVE-2025-53521 affects F5 BIG-IP network appliances and was initially reported as an unspecified denial-of-service vulnerability. Security researchers subsequently determined the flaw enables unauthenticated remote code execution, significantly elevating its severity to Critical. Active exploitation has been confirmed in the wild, with threat actors leveraging the vulnerability to gain unauthorized access to BIG-IP management interfaces and potentially pivot into internal networks.

F5 BIG-IP is widely deployed in enterprise environments as an application delivery controller and load balancer, making this vulnerability particularly impactful. CISA added CVE-2025-53521 to its KEV catalog on March 27, 2026.

Affected organizations should immediately apply F5's security patches, restrict access to the management interface (TMUI) to trusted IP ranges, and monitor for anomalous traffic patterns. Organizations unable to patch immediately should consider taking affected systems offline or implementing compensating controls.
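
One way to check the management-interface restriction and monitoring advice above against exported access records, as an added example that is not code from F5 or CISA. The trusted ranges, the Apache combined-log-style format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder admin ranges allowed to reach the management interface.
TRUSTED_RANGES = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.16/28")]

# Assumption: records in Apache combined-log style; adapt the pattern to your export.
LINE_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3})')

# Constructed sample lines (not real telemetry).
SAMPLE_LOG = """\
10.20.0.15 - admin [27/Mar/2026:09:12:01 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120
203.0.113.77 - - [27/Mar/2026:09:14:40 +0000] "POST /tmui/login.jsp HTTP/1.1" 401 312
203.0.113.77 - - [27/Mar/2026:09:14:52 +0000] "POST /tmui/login.jsp HTTP/1.1" 200 4801
192.0.2.20 - admin [27/Mar/2026:09:20:10 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120
198.51.100.9 - - [27/Mar/2026:09:31:05 +0000] "GET /favicon.ico HTTP/1.1" 404 209
-- log rotated --
2001:db8::5 - - [27/Mar/2026:09:40:00 +0000] "GET /tmui/login.jsp HTTP/1.1" 200 5120
"""

def is_trusted(src):
    """True only if src parses as an IP address inside a trusted range."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are never treated as trusted
    return any(addr in net for net in TRUSTED_RANGES)

def audit(log_text):
    """Return (requests per untrusted source, untrusted sources that were
    served a non-error response, lines that could not be parsed)."""
    untrusted, served, unparsed = Counter(), set(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # keep for review instead of dropping silently
            continue
        if not is_trusted(m["src"]):
            untrusted[m["src"]] += 1
            if int(m["status"]) < 400:
                served.add(m["src"])  # the allow-list is not being enforced
    return untrusted, served, unparsed

if __name__ == "__main__":
    hits, served, bad = audit(SAMPLE_LOG)
    for src, count in hits.most_common():
        flag = "SERVED" if src in served else "rejected"
        print(f"untrusted source {src}: {count} request(s), {flag}")
    print(f"{len(bad)} unparsed line(s)")
```

An untrusted source in the served set means the interface answered it, so the access restriction is missing or incomplete on that appliance.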