CVE-2025-53521
A critical security vulnerability, CVE-2025-53521, has been identified in F5 BIG-IP APM. This flaw occurs when a BIG-IP APM access policy is configured on a virtual server, where specific malicious traffic can lead to remote code execution. This vulnerability was initially published as a Denial of Service (DoS) vulnerability on 15 October 2025 but has been reclassified to a remote code execution (RCE) vulnerability on 29 March 2026. Affected versions include BIG-IP APM 17.5.0 through 17.5.1, 17.1.0 through 17.1.2, 16.1.0 through 16.1.6, and 15.1.0 through 15.1.10. F5 later re-categorized the issue from a denial-of-service condition to remote code execution, and reporting citing F5 says the vulnerability has been exploited in vulnerable BIG-IP versions.
EPSS 8.77% · 92.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | F5 BIG-IP AMP |
Timeline
- Oct 15, 2025 Coalition ESS Score
- Oct 15, 2025 CVE Published
- Oct 16, 2025 EPSS Score
- Oct 16, 2025 PoC Published
- Oct 17, 2025 Coalition ESS Score
- Oct 17, 2025 PoC Published
- Oct 21, 2025 PoC Published
- Oct 22, 2025 EPSS Score
- Oct 22, 2025 Coalition ESS Score
- Oct 23, 2025 Coalition ESS Score
- Oct 28, 2025 EPSS Score
- Nov 3, 2025 PoC Published
References
- https://ccb.belgium.be/advisories/warning-remote-code-execution-f5-big-ip-apm-patch-immediately advisory
- https://my.f5.com/manage/s/article/K000156741 vendor
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521 advisory
- https://my.f5.com/manage/s/article/K00029945 technical
- https://my.f5.com/manage/s/article/K000160486 technical