Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on ...

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks ...
SecurityWeek

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

Threat actors are exploiting CVE-2025-53521, a critical F5 BIG-IP vulnerability that has been reclassified as a remote code execution issue.
The Hacker News

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
American Hospital Association

Alerts warn F5 BIG-IP vulnerability being exploited for malicious activity

The Cybersecurity and Infrastructure Security Agency released an alert March 27 on a vulnerability in F5 BIG-IP Access Policy Manager software that is being exploited for malicious cyber activity. F5 ...
CSO Online

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring ...
heise online

F5 BIG-IP: Attackers can bypass restrictions through access controls

Attackers can exploit a vulnerability in the F5 BIG-IP appliances to extend their rights and manipulate the configuration. This could compromise the BIG-IP system, the manufacturer warns. According to ...
ZDNet

F5 issues BIG-IP patches to tackle unauthenticated remote code execution, critical flaws

F5 Networks has pushed out patches to tackle four critical vulnerabilities in BIG-IP, one of which can be exploited for unauthenticated remote code execution (RCE) attacks. The enterprise networking ...