Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on ...
SecurityWeek

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

Threat actors are exploiting CVE-2025-53521, a critical F5 BIG-IP vulnerability that has been reclassified as a remote code execution issue.
The Hacker News

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
Dark Reading

F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation

CVE-2025-53521 was first disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information reveals ...
Bleeping Computer

F5 releases BIG-IP patches for stolen security vulnerabilities

Cybersecurity company F5 has released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. The company disclosed today that state hackers breached its ...
heise online

F5 BIG-IP: Attackers can bypass restrictions through access controls

Attackers can exploit a vulnerability in the F5 BIG-IP appliances to extend their rights and manipulate the configuration. This could compromise the BIG-IP system, the manufacturer warns. According to ...
Threat Post

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

The vulnerability is ‘critical’ with a CVSS severity rating of 9.8 out of 10. Application service provider F5 is warning a critical vulnerability allows unauthenticated hackers with network access to ...