CVE-2025-53521 affecting F5 BIG-IP Access Policy Manager

4:35PM, 30 March 2026

TLP Rating: Clear

The NCSC would like to draw your attention to CVE-2025-53521 affecting F5 BIG-IP Access Policy Manager (APM). We are aware of open-source reports of malicious threat actors exploiting this vulnerability in the wild.

When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE).

Note: This known vulnerability was previously categorised and remediated as a Denial-of-Service (DoS) vulnerability with CVSS scores of 7.5 (CVSS v3.1) and 8.7 (CVSS v4.0).

Due to new information obtained in March 2026, the original vulnerability is being re-categorised to an RCE vulnerability with CVSS scores of 9.8 (CVSS v3.1) and 9.3 (CVSS v4.0).

What's happening

Systems affected

Affected versions are:

  • 17.5.0 - 17.5.1
  • 17.1.0 - 17.1.2
  • 16.1.0 - 16.1.6
  • 15.1.0 - 15.1.10
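
An added triage example (not code from the NCSC or F5) that checks a device against the two conditions in this alert: a version inside the listed ranges, and a virtual server with an APM access policy attached. It assumes tmsh-style `ltm virtual` and `apm profile access` config stanzas; the function names are hypothetical and the sample config is constructed.

```python
import re

# Affected ranges as listed in this alert (inclusive, first three components).
AFFECTED = [((17, 5, 0), (17, 5, 1)), ((17, 1, 0), (17, 1, 2)),
            ((16, 1, 0), (16, 1, 6)), ((15, 1, 0), (15, 1, 10))]

def in_listed_range(version):
    """True if x.y.z is in a listed range (numeric compare: 15.1.10 > 15.1.6).
    A fourth component is ignored, so point releases such as 15.1.10.x are
    still reported; confirm those against the vendor advisory."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"no x.y.z version in {version!r}")
    return any(lo <= tuple(map(int, m.groups())) <= hi for lo, hi in AFFECTED)

def stanzas(conf, kind):
    """Yield (name, body) for each top-level '<kind> <name> { ... }' stanza."""
    for m in re.finditer(rf"^{kind}\s+(\S+)\s*\{{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def apm_virtual_servers(conf):
    """Names of virtual servers whose stanza references an APM access profile."""
    access = [name for name, _ in stanzas(conf, "apm profile access")]
    return [vs for vs, body in stanzas(conf, "ltm virtual")
            if any(re.search(re.escape(p) + r"\s*\{", body) for p in access)]

def triage(version, conf):
    """Combine the alert's two conditions for one device."""
    vs = apm_virtual_servers(conf)
    hit = in_listed_range(version)
    return {"in_listed_range": hit, "apm_virtual_servers": vs,
            "prioritise": hit and bool(vs)}

# Constructed sample config (assumed tmsh-style layout, not from a real device).
SAMPLE_CONF = """\
apm profile access /Common/vpn_access { accept-languages { en } }
ltm virtual /Common/vs_portal {
    profiles {
        /Common/http { }
        /Common/vpn_access { }
    }
}
ltm virtual /Common/vs_plain {
    profiles { /Common/http { } }
}
"""
```

A device that is not prioritised here still needs updating if its version is in a listed range; the check only orders the work.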

What to do

Prevention

To prevent exploitation, update affected products to a patched version. 

More information

Read more about this alert on the vendor website:

BIG-IP APM vulnerability CVE-2025-53521

If you require more information or further support, submit a report on our website:
Report an incident

If you need assistance using the tool, call us on 0800 114 115. Calling us is free within New Zealand. We’re open 7am to 7pm, Monday to Friday, and we’re closed on public holidays.