Critical F5 BIG-IP Vulnerability Now Being Exploited in the Wild
CISA has warned that a critical-severity F5 BIG-IP vulnerability (CVE-2025-53521) with a CVSS score of 9.3 is being actively exploited, urging immediate patching.
Key Points
- CVE-2025-53521 has a CVSS score of 9.3 (critical severity)
- The vulnerability was reclassified from denial of service (DoS) to remote code execution (RCE)
- Actively exploited in the wild against BIG-IP APM systems
- CISA added the vulnerability to its KEV catalog, requiring federal agencies to patch within 3 days
- Organizations using F5 BIG-IP should patch immediately
Full Details
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning that threat actors are actively exploiting a critical-severity vulnerability in F5 BIG-IP systems. Tracked as CVE-2025-53521, the flaw was originally disclosed in October 2025 as a high-severity denial-of-service (DoS) issue but was recently reclassified to reflect its more severe remote code execution (RCE) capability. The vulnerability carries a CVSS score of 9.3, indicating critical severity. Attackers can exploit the flaw on BIG-IP APM systems that have an access policy configured on a virtual server. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and is urging federal agencies to patch the flaw within three days. F5 has updated its advisory to reflect the bug's elevated severity.
Why It Matters
The active exploitation of this critical F5 vulnerability poses significant risk to organizations worldwide, as BIG-IP appliances are commonly used for application delivery and access management in enterprise environments. The short patching deadline for federal agencies signals the severity of ongoing attacks.