What is CVE-2025-53521 in F5 BIG-IP APM?

It's an RCE flaw, initially pegged as DoS, letting unprivileged attackers run code on vulnerable virtual servers with access policies.

How many F5 BIG-IP APM instances are exposed to CVE-2025-53521?

Shadowserver tracks over 14,000 unpatched ones online, from 17,100+ total APM fingerprints.

Should I rebuild my compromised BIG-IP system?

Yes—F5 says start from known-good UCS backups; tainted ones harbor persistent malware.

🛡️ Security Tools

14,000 F5 BIG-IP Doors Wide Open to RCE Nightmares

Hackers are pounding at the gates. Shadowserver spots 14,000+ exposed F5 BIG-IP APM systems, bleeding from a freshly minted RCE vuln that CISA's already sounding alarms over.

Threat Digest Apr 02, 2026 4 min read 12 views

⚡ Key Takeaways

Over 14,000 F5 BIG-IP APM instances remain exposed to active RCE exploits from CVE-2025-53521. 𝕏
F5 reclassified the five-month-old flaw to RCE after confirming wild exploitation; CISA mandates federal patches. 𝕏
Rebuild compromised systems from scratch—tainted backups may hide malware; AI-driven attacks loom larger. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#CISA KEV #CVE-2025-53521 #F5 BIG-IP #RCE vulnerability #Shadowserver

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

F5 BIG-IP RCE Bug Sparks Patch Panic

F5 BIG-IP's CVE-2025-53521: DoS Flaw Morphs into RCE Weapon, Already Hitting the Wild

Palo Alto's Firewall Glitch Hits CISA's 'Fix Now' List After Real-World Attacks

Iran's April 1 Deadline Puts Apple, Google in Crosshairs

Stay in the loop