Critical F5 BIG-IP Vulnerability Now Being Exploited in the Wild
CISA has warned that threat actors are actively exploiting CVE-2025-53521, a critical-severity F5 BIG-IP vulnerability (CVSS 9.3) that has been reclassified from DoS to remote code execution, and is urging immediate patching.
Key Points
- CVE-2025-53521 in F5 BIG-IP upgraded from DoS to critical RCE (CVSS 9.3)
- Vulnerability now being actively exploited in the wild
- CISA added it to the Known Exploited Vulnerabilities catalog
- Federal agencies required to patch within three days
Full Details
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that threat actors are actively exploiting a critical vulnerability in F5 BIG-IP appliances. Tracked as CVE-2025-53521 with a CVSS score of 9.3, the flaw was originally disclosed in October 2025 as a high-severity denial-of-service issue but was reclassified as a remote code execution vulnerability last week. F5 has updated its advisory to reflect the bug's severity, noting that attackers can exploit it on BIG-IP APM systems with an access policy configured on a virtual server. CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and is urging federal agencies to patch the flaw within three days. Organizations using affected F5 BIG-IP systems should apply patches immediately.
Why It Matters
This critical vulnerability in widely used F5 BIG-IP appliances poses a significant risk to enterprise and government networks. The rapid escalation from DoS to RCE and active exploitation in the wild underscores the importance of timely vulnerability patching and continuous monitoring of security advisories.