Active Exploitation of Critical Vulnerability in F5 BIG-IP Access Policy Manager
6 April 2026
F5 has released security updates to address a critical vulnerability in BIG-IP Access Policy Manager (APM). Users and administrators of affected products are advised to update to the latest versions immediately.
Background
F5 has released security updates to address a critical vulnerability (CVE-2025-53521) in BIG-IP Access Policy Manager (APM). New information received in March 2026 indicated that a threat actor was able to exploit this vulnerability to achieve remote code execution. The vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.8 out of 10.
Impact
Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform remote code execution, potentially resulting in a full system compromise.
Known Exploitation
This vulnerability is reportedly being exploited in the wild.
Affected Products
This vulnerability affects the following F5 BIG-IP APM versions:
17.5.0 – 17.5.1
17.1.0 – 17.1.2
16.1.0 – 16.1.6
15.1.0 – 15.1.10
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
References
https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html
