F5 BIG-IP Critical Vulnerability Actively Exploited
Summary
The Cyber Security Agency of Singapore issued an urgent advisory warning of active exploitation of a critical vulnerability (CVE-2025-53521) in F5 BIG-IP Access Policy Manager with a CVSS v3.1 score of 9.8 out of 10. The vulnerability allows unauthenticated remote code execution and full system compromise. Affected versions include BIG-IP APM 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, and 15.1.0-15.1.10.
What changed
CSA has issued an alert confirming active exploitation of CVE-2025-53521 in F5 BIG-IP Access Policy Manager, a critical vulnerability with CVSS 9.8/10 allowing unauthenticated remote code execution. F5 has released security updates to address this vulnerability. The alert references CISA's Known Exploited Vulnerabilities catalog, confirming real-world attacks are occurring. All listed versions across the 15.x, 16.x, 17.x, and 17.5.x product lines are affected.
Organizations running F5 BIG-IP APM must immediately identify whether their installations are affected, verify their current versions against the affected version ranges, and apply the latest security patches from F5. Given active exploitation in the wild, this vulnerability poses an immediate threat to network infrastructure. Organizations should treat this as a priority patching exercise and monitor for indicators of compromise associated with this vulnerability.
What to do next
- Identify all F5 BIG-IP APM installations in your environment
- Verify installed versions against affected ranges: 17.5.0-17.5.1, 17.1.0-17.1.2, 16.1.0-16.1.6, 15.1.0-15.1.10
- Apply the latest F5 security updates immediately
- Monitor for indicators of compromise related to CVE-2025-53521
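The version check in the second step can be run over an inventory export. The sketch below is an added example, not code from CSA or F5: it compares version strings numerically against the ranges listed in this advisory. The `hostname,version` input format, the hostnames, and the treatment of a fourth version component as part of its three-part release are assumptions.

```python
import re

# Affected BIG-IP APM ranges copied from the advisory (both ends inclusive).
AFFECTED_RANGES = [
    ((17, 5, 0), (17, 5, 1)),
    ((17, 1, 0), (17, 1, 2)),
    ((16, 1, 0), (16, 1, 6)),
    ((15, 1, 0), (15, 1, 10)),
]

# Assumption: a fourth component (point release) is ignored, so 16.1.6.1 is
# treated as 16.1.6 and stays inside the affected range.
def parse_version(text):
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)*\s*$", text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version_text):
    """Classify one version string against the advisory's ranges."""
    v = parse_version(version_text)
    if v is None:
        return "UNKNOWN"          # needs a manual check, never assume safe
    for low, high in AFFECTED_RANGES:
        if low <= v <= high:      # integer tuples, so 15.1.10 > 15.1.9
            return "AFFECTED"
    return "NOT_LISTED"           # outside the listed ranges; confirm with F5

def triage(inventory_lines):
    """Parse 'hostname,version' lines; return rows sorted affected-first."""
    order = {"AFFECTED": 0, "UNKNOWN": 1, "NOT_LISTED": 2}
    rows = []
    for line in inventory_lines:
        host, _, version = line.strip().partition(",")
        if host:
            rows.append((host.strip(), version.strip(), classify(version)))
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """\
apm-edge-01,17.1.2
apm-edge-02,15.1.10
apm-dc-01,16.1.6.1
apm-dc-02,17.1.3
apm-lab-01,
""".splitlines()

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{status:<11} {host:<12} {version or '(no version recorded)'}")
```

`NOT_LISTED` only means the version is outside the ranges this advisory names, and the script assumes every host in the inventory has APM provisioned.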
Source document (simplified)
Alerts
Active Exploitation of Critical Vulnerability in F5 BIG-IP Access Policy Manager
6 April 2026
F5 has released security updates to address a critical vulnerability in BIG‑IP Access Policy Manager (APM). Users and administrators of affected products are advised to update to the latest versions immediately.
Background
F5 has released security updates to address a critical vulnerability (CVE‑2025‑53521) in BIG‑IP Access Policy Manager (APM). New information received in March 2026 indicated that a threat actor was able to exploit this vulnerability to achieve remote code execution. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Impact
Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform remote code execution, potentially resulting in a full system compromise.
Known Exploitation
This vulnerability is reportedly being exploited in the wild.
Affected Products
This vulnerability affects the following F5 BIG‑IP APM versions:
17.5.0 – 17.5.1
17.1.0 – 17.1.2
16.1.0 – 16.1.6
15.1.0 – 15.1.10
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
References
https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html
https://nvd.nist.gov/vuln/detail/CVE-2025-53521