A flaw in F5's BIG-IP application security product line is being actively exploited in the wild. On Saturday, F5 reclassified CVE-2025-53521 as a remote code execution (RCE) flaw with a CVSS score of 9.8. On Friday, the US Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog.
Defused, a cybersecurity company, says it saw scanning activity for the bug after it was added to CISA's KEV catalog. The vulnerability was first made public, and then fixed, on October 15. It was described as a high-severity denial-of-service (DoS) flaw in the BIG-IP Access Policy Manager (BIG-IP APM), and F5 told customers to upgrade to a fixed version of APM.
He says, "The IP addresses that are targeting the FortiClient vulnerability seem to be only for that system." A lot of different kinds of threat actors have tried to attack F5 products. Last year, attackers from nation-states broke into F5 and stole private information, such as the source code for the BIG-IP platform.
F5 customers should update their software and check their systems for any signs of compromise because CVE-2025-53521 is more dangerous and there have been reports of attacks against CVE-2026-21643.











