PT-2025-42325 · F5 · F5 Big-Ip Apm

Published 2025-10-15 · Updated 2026-03-30 · CVE-2025-53521

CVSS v3.1: 9.8 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP Access Policy Manager (APM) versions 15.1.0 through 15.1.10
F5 BIG-IP APM versions 14.1.0 through 14.1.4

Description

A critical vulnerability exists in F5 BIG-IP Access Policy Manager (APM) that allows for remote code execution (RCE) without authentication. Initially reported as a denial-of-service flaw, the vulnerability was reclassified as RCE after new information revealed its potential for exploitation. Attackers can exploit this issue by sending specially crafted malicious traffic to a virtual server configured with an APM access policy. This allows them to execute arbitrary system commands with elevated privileges.

The vulnerability is actively being exploited in the wild, with reports of attackers using it to deploy the Brickstorm backdoor and gain access to internal networks. The /mgmt/shared/identified-devices/config/device-info API endpoint is being targeted in active scanning activity related to this vulnerability. Attackers are modifying system components such as /usr/bin/umount and /usr/sbin/httpd as part of their exploitation attempts.

Recommendations

Apply the latest F5 security updates to versions 15.1.0 through 15.1.10.
Apply the latest F5 security updates to versions 14.1.0 through 14.1.4.
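
Because the description names the endpoint being scanned, one defensive check is to search web access logs for requests to it, including lightly obfuscated forms of the path. This is an added example, not part of the original advisory or any F5 tooling; it assumes Apache combined-format access logs, and the sample lines and addresses are constructed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Endpoint the advisory reports as targeted by active scanning.
SCANNED_ENDPOINT = "/mgmt/shared/identified-devices/config/device-info"

# Assumption: Apache combined log format (client, timestamp, request line, status).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample input (documentation-range addresses), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [15/Oct/2025:10:01:02 +0000] "GET /mgmt/shared/identified-devices/config/device-info HTTP/1.1" 401 120 "-" "curl/8.0"
198.51.100.7 - - [15/Oct/2025:10:01:05 +0000] "GET /mgmt/shared/identified-devices/config/device-info?x=1 HTTP/1.1" 200 950 "-" "curl/8.0"
203.0.113.9 - - [15/Oct/2025:10:02:00 +0000] "GET //mgmt/shared/./identified-devices/config/device%2Dinfo/ HTTP/1.1" 401 120 "-" "-"
192.0.2.10 - - [15/Oct/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
not a log line
"""

def normalize_path(target):
    """Drop the query string, decode %XX once, collapse '//' and dot segments."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    # Lower-casing is deliberately lenient: over-matching is cheap for triage.
    return posixpath.normpath(path).lower()

def find_probes(lines):
    """Map client address -> [(timestamp, method, status)] for endpoint hits."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = normalize_path(m["target"])
        if path == SCANNED_ENDPOINT or path.startswith(SCANNED_ENDPOINT + "/"):
            hits[m["client"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def summarize(hits):
    """Rows of (client, request count, got_2xx), busiest client first."""
    rows = [(c, len(ev), any(200 <= s < 300 for _, _, s in ev)) for c, ev in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for client, count, got_2xx in summarize(find_probes(SAMPLE_LOG.splitlines())):
        print(f"{client}: {count} request(s), 2xx response seen: {got_2xx}")
```

Clients that received a 2xx response from the endpoint are the ones to prioritise when reviewing the affected system.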

Fix

DoS

RCE

LPE

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2025-53521

Affected Products

F5 Big-Ip Apm