Summary
Key Points:
- CVE-2025-53521 is an unauthenticated remote code execution vulnerability affecting F5 BIG-IP Access Policy Manager (APM).
- All organizations using BIG-IP APM are at risk. Active exploitation has been reported and may be impacting UK networks.
- Immediate actions include isolating affected systems, investigating for compromise, updating to the latest version, and applying security hardening measures.
Technical Details: The vulnerability allows malicious traffic to trigger remote code execution when specific access policies are configured on a virtual server. Organizations are urged to follow the vendor's security advisory and review the vendor's Indicators of Compromise (IOCs).
MITRE ATT&CK Techniques:
- T1203 - Exploitation for Client Execution (Execution)
- T1078 - Valid Accounts (Defense Evasion)
IOCs Mentioned: None mentioned