Critical RCE in F5 BIG‑IP Access Policy Manager (CVE‑2025‑53521) Threatens Enterprise Networks
What It Is – A critical remote‑code‑execution flaw (CVE‑2025‑53521) in F5 BIG‑IP Access Policy Manager (APM) allows unauthenticated attackers to execute arbitrary code on the appliance. The vulnerability scores 9.3 (CVSS v4) and has been confirmed as actively exploited in the wild.
Exploitability – Evidence of weaponised exploits has been observed in multiple threat‑actor campaigns; proof‑of‑concept code is publicly available. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, indicating ongoing attacks.
Affected Products – F5 Networks BIG‑IP APM (all supported versions prior to the vendor‑released mitigation).
TPRM Impact – Organizations that rely on F5 BIG‑IP APM for web‑application delivery, VPN, or SSO expose their downstream services and data to compromise. A breach could cascade through supply‑chain relationships, affecting partners, customers, and hosted SaaS platforms.
Recommended Actions –
- Immediately apply F5’s security patch or temporary mitigation guidance.
- Conduct an inventory sweep to confirm which assets run vulnerable BIG‑IP APM versions.
- Deploy network‑level blocking of known exploit traffic (e.g., IDS/IPS signatures).
- Review authentication logs for anomalous activity and enforce multi‑factor authentication on APM admin accounts.
- Update third‑party risk registers to reflect the elevated risk and notify affected business units.
Source: The Hacker News