Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on ...
The Hacker News

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
SecurityWeek

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

Threat actors are exploiting CVE-2025-53521, a critical F5 BIG-IP vulnerability that has been reclassified as a remote code execution issue.
Bleeping Computer

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

Internet threat-monitoring non-profit Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) ...
CSOonline

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring immediate patching and compromise assessment. A vulnerability misclassified five ...
Yahoo

'Imminent Threat': Nation-State Hackers Hit Cybersecurity Provider F5

Add Yahoo as a preferred source to see more of our stories on Google. F5 logo - Photo Illustration by Thomas Fuller/SOPA Images/LightRocket via Getty Images Don't miss out on our latest stories. Add ...