A previously disclosed denial-of-service vulnerability in F5 BIG-IP Access Policy Manager has been reclassified as a critical pre-authentication remote code execution flaw, and its CVSS severity score has been raised to 9.8. The vulnerability, CVE-2025-53521, was initially reported in October 2025 with a severity score of 7.5 and is now being actively exploited by attackers to deploy persistent malware with root privileges. The escalation in severity underscores the potential for significant damage, because attackers can execute arbitrary code without authentication. With exploitation occurring in the wild, the vulnerability needs prompt attention from security teams, particularly those with exposure to F5 BIG-IP systems. For practitioners, what matters most is to urgently reassess their security posture and prioritize mitigation efforts based on their specific exposure and evidence of exploitation.