HeadlinesBriefing favicon HeadlinesBriefing.com

F5 BIG-IP RCE Flaw Now Actively Exploited, Patch Urged

Hacker News •
×

F5 Networks has reclassified a BIG-IP APM vulnerability from a denial-of-service flaw to critical-severity remote code execution, warning that attackers are actively exploiting it to deploy webshells on unpatched devices. The flaw, tracked as CVE-2025-53521, allows unauthenticated attackers to execute code on systems with configured access policies.

Originally categorized as a DoS vulnerability, the flaw was re-evaluated in March 2026 after new information revealed its RCE potential. F5 published indicators of compromise and urged organizations to check their BIG-IP systems for malicious activity. The company emphasized following corporate security policies for incident handling and forensic procedures before attempting system recovery.

With over 240,000 BIG-IP instances exposed online, the scale of potential impact is significant. The U.S. Cybersecurity and Infrastructure Security Agency added the vulnerability to its list of actively exploited flaws and mandated federal agencies to secure their systems by March 30. BIG-IP vulnerabilities have historically been targeted by nation-state and cybercrime groups for network breaches, data theft, and device hijacking.