Dark Reading

F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation

CVE-2025-53521 was first disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information reveals ...

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks ...
CSO Online

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring ...
Infosecurity Magazine

NCSC Urges Immediate Patching of F5 BIG-IP Bug

UK organizations have been encouraged to immediately patch a critical new vulnerability in F5’s BIG-IP Access Policy Manager ...

Critical flaw in F5 BIG-IP faces wide exploitation risk

The new information shows that remote code execution can take place when BIG-IP APM access policy is configured on a virtual ...
AeroTime

France to finance Rafale F5 alone after UAE co-funding talks collapsed

The UAE was prepared to contribute €3.5 billion to the Rafale F5 but walked away after France refused meaningful technology ...
American Hospital Association

Alerts warn F5 BIG-IP vulnerability being exploited for malicious activity

The Cybersecurity and Infrastructure Security Agency released an alert March 27 on a vulnerability in F5 BIG-IP Access Policy Manager software that is being exploited for malicious cyber activity. F5 ...
The Hacker News

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.