Critical Remote Code Execution in F5 BIG-IP (CVE-2025-53521) Added to CISA KEV Catalog
What It Is — A remote-code-execution (RCE) flaw in F5 BIG-IP Application Delivery Controllers (CVE-2025-53521) that permits unauthenticated attackers to execute arbitrary commands on the underlying operating system.
Exploitability — Active exploitation confirmed by CISA; proof‑of‑concept code publicly available. CVSS v3.1 base score 9.8 (Critical).
Affected Products — The F5 BIG-IP versions listed as vulnerable in the vendor advisory (typically 16.0.x-18.2.x).
TPRM Impact — BIG-IP devices sit at the front line of many enterprise networks and cloud-edge environments. A compromised appliance can:
- Serve as a foothold to pivot into downstream applications, exposing customer data.
- Disrupt critical services (e.g., web portals, APIs) that third‑party vendors rely on, creating a supply‑chain cascade.
Recommended Actions —
- Patch immediately – Apply F5's security update for CVE-2025-53521.
- Validate remediation – Run an inventory scan to confirm all BIG-IP instances are patched or mitigated per F5 guidance.
- Monitor for IOCs – Deploy endpoint and network detection rules for known exploitation signatures.
- Prioritize KEV items – Align remediation timelines with BOD 22-01 requirements and update your vulnerability-management workflow.
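The validate-and-prioritize steps above, as an added example (not CISA's or F5's code): a Python script that pulls the BIG-IP entries out of the CISA KEV catalog's JSON feed, flags inventory hosts whose version falls inside the affected range stated above, and reports the days remaining to each entry's BOD 22-01 due date. The KEV field names are the feed's real ones; the catalog excerpt, the host inventory and the 16.0.x-18.2.x bound are constructed or assumed and should be replaced with the live feed and the exact fixed builds from F5's advisory.

```python
import json
from datetime import date

# Constructed KEV excerpt using the feed's real field names (values illustrative).
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-53521", "vendorProject": "F5", "product": "BIG-IP",
     "dateAdded": "2026-03-27", "dueDate": "2026-04-17",
     "requiredAction": "Apply mitigations per vendor instructions."},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleCo", "product": "Widget",
     "dateAdded": "2026-03-01", "dueDate": "2026-03-22", "requiredAction": "n/a"},
]})
# Constructed inventory, as an asset scan might return it.
INVENTORY = [{"host": "lb-edge-01", "version": "17.1.1"},
             {"host": "lb-edge-02", "version": "15.1.10"},
             {"host": "lb-dmz-03", "version": "16.0.0"}]
# Affected major.minor range as stated in the summary above (assumption);
# replace with the exact branches and fixed builds from F5's advisory.
AFFECTED_MIN, AFFECTED_MAX = (16, 0), (18, 2)

def parse_version(text):
    """'17.1.1' -> (17, 1, 1); non-numeric components become 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))

def is_affected(version):
    """True when major.minor lies inside the stated affected range."""
    return AFFECTED_MIN <= parse_version(version)[:2] <= AFFECTED_MAX

def kev_entries_for(kev_json, vendor="F5", product="BIG-IP"):
    """KEV entries whose vendor matches and whose product field mentions the name."""
    entries = json.loads(kev_json)["vulnerabilities"]
    return [e for e in entries if e["vendorProject"].lower() == vendor.lower()
            and product.lower() in e["product"].lower()]

def remediation_report(kev_json, inventory, today_iso):
    """Affected hosts per matching KEV entry with days left to the BOD 22-01
    due date (negative means overdue), most urgent first."""
    today = date.fromisoformat(today_iso)
    rows = []
    for entry in kev_entries_for(kev_json):
        left = (date.fromisoformat(entry["dueDate"]) - today).days
        for asset in inventory:
            if is_affected(asset["version"]):
                rows.append({"host": asset["host"], "cve": entry["cveID"],
                             "version": asset["version"], "days_until_due": left})
    return sorted(rows, key=lambda r: r["days_until_due"])

if __name__ == "__main__":
    for row in remediation_report(KEV_SAMPLE, INVENTORY, "2026-04-01"):
        print(row)
```

Feed the real catalog by loading https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json into `kev_json` and the scan output into `inventory`; a negative `days_until_due` is a BOD 22-01 breach for that host.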
Source: https://www.cisa.gov/news-events/alerts/2026/03/27/cisa-adds-one-known-exploited-vulnerability-catalog