Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
By Sergiu Gatlan
March 30, 2026 06:59 AM

Cybersecurity firm F5 Networks has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices.

BIG-IP APM (short for Access Policy Manager) is a centralized access management proxy solution that enables admins to secure and manage user access to their organizations' networks, cloud, applications, and application programming interfaces (APIs).

Tracked as CVE-2025-53521, this security flaw can be exploited by attackers without privileges to perform remote code execution when targeting BIG-IP APM systems with access policies configured on a virtual server.

In addition to flagging the vulnerability as being exploited in the wild, F5 published indicators of compromise (IOCs) and advised defenders to check their BIG-IP systems' disks, logs, and terminal history for signs of malicious activity.

"This known vulnerability was previously categorized and remediated as a Denial-of-Service (DoS) vulnerability. Due to new information obtained in March 2026, the original vulnerability is being re-categorized to an RCE. The original CVE remediation has been validated to address the RCE in the fixed versions. We have learned that this vulnerability has been exploited in the vulnerable BIG-IP versions," F5 warned in an advisory update published this Sunday.

"F5 strongly recommends that you consult your corporate security policy for guidelines about incident handling procedures including but not limited to forensic best practices, that are specific to your organization. More specifically, review the policies to ensure that they comply with evidence collection and forensics procedures for a security incident before you attempt to recover the system," the company added.

Internet threat-monitoring non-profit organization Shadowserver now tracks over 240,000 BIG-IP instances exposed online; however, there is no information on how many have a vulnerable configuration or have already been secured against CVE-2025-53521 attacks.

[Image: F5 BIG-IP systems exposed online (BleepingComputer)]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added the vulnerability to its list of actively exploited flaws on Friday and ordered federal agencies to secure their BIG-IP APM systems by midnight on Monday, March 30.

"This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," it warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."

In recent years, BIG-IP vulnerabilities have been exploited by nation-state and cybercrime threat groups to breach corporate networks, map internal servers, deploy data-wiping malware, hijack devices, and steal sensitive documents from victims' networks.

F5 is a Fortune 500 technology giant that provides cybersecurity, application delivery networking (ADN), and various other services to more than 23,000 customers worldwide, including 48 of the Fortune 50 companies.