Skip to main content
Explore our brands An Informa TechTarget Publication
close search
site logo

Critical flaw in F5 BIG-IP faces wide exploitation risk

The company revised a security advisory as newly disclosed information heightens the potential impact.

Published April 2, 2026
David Jones's headshot
Reporter
The words "F5 Tower" are displayed on the outside of a metal-and-wood building with many windows.
The F5 tower in Seattle, Wash. The company is warning of a critical vulnerability in BIG-IP Access Policy Manager. Courtesy of F5 Press Kit

A critical flaw in F5 BIG-IP Access Policy Manager currently is under exploitation, and company officials warn the risk is far greater than previously known. 

The company in October 2025 disclosed the vulnerability, tracked as CVE-2025-53521, as a denial-of-service flaw. However, new information led F5 to recategorize the flaw, indicating a risk of remote code execution, according to an update Wednesday.

The new information shows that remote code execution can take place when BIG-IP APM access policy is configured on a virtual server, according to the company.

Shadowserver Foundation on Wednesday released data showing more than 17,000 vulnerable IPs worldwide as of Tuesday. 

When F5 originally released information listing the vulnerability as a denial-of-service issue, “it didn’t immediately signal urgency, and many system administrators likely prioritized it accordingly,” watchTowr founder and CEO Benjamin Harris told Cybersecurity Dive. 

Harris said his researchers are seeing in-the-wild exploitation and warned that security teams would need to assess whether they’ve already been impacted. 

The Cybersecurity and Infrastructure Security Agency added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog on Friday. The agency gave Federal Civilian Executive Branch agencies a deadline of March 30 to remediate their systems, signaling the urgency of the situation. 

The National Cyber Security Centre in the U.K. issued an advisory to alert security teams about the change, noting that BIG-IP APM is widely used in large enterprises. 

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
2026 Resilience Risk Index Reveals that Endpoint Security Software Fails More Than 20 Percent …
From Absolute Security
March 24, 2026
Zapier Pledges Free AI Education for 1 Million People
From Zapier
March 17, 2026
Zapier logo
AI Is Fueling Secrets Sprawl. GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secr…
From GitGuardian
March 17, 2026
GitGuardian logo
BrandShield Expands Brand and Digital Risk Protection to AI Platforms, Where Millions of Consu…
From BrandShield
April 01, 2026
BrandShield logo
Editors' picks
Latest in Vulnerability
This website is owned and operated by Informa TechTarget, a global network that informs, influences and connects the world's technology buyers and sellers.

© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. An Informa PLC company.
Privacy policy | Terms of use | Take down policy | Cookie Preferences / Do Not Sell