Ethical Hacking News
Over 14,000 F5 BIG-IP APM instances remain exposed online due to an actively exploited remote code execution flaw. Experts urge users to prioritize swift implementation of mitigations and updates to prevent potential exploitation of CVE-2025-53521.
More than 14,000 F5 BIG-IP APM instances remain exposed online to a remote code execution (RCE) flaw. The vulnerability, CVE-2025-53521, allows attackers to execute arbitrary code with elevated privileges. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its KEV catalog, urging federal agencies to address it by April 30, 2026. F5 Networks is working to patch and secure its products, but users are advised to prioritize swift implementation of mitigations and updates.
In a worrisome turn of events, security researchers have revealed that over 14,000 F5 BIG-IP APM instances remain exposed online due to an actively exploited remote code execution (RCE) flaw. The vulnerability, identified as CVE-2025-53521, has garnered significant attention from cybersecurity experts and organizations alike.
The vulnerability in question allows specially crafted malicious traffic to trigger RCE on vulnerable BIG-IP systems when an access policy is enabled on a virtual server. This serious security lapse poses a substantial threat to the integrity of these systems, potentially allowing attackers to execute arbitrary code with elevated privileges.
According to recent findings by Shadowserver, researchers have been tracking instances of this vulnerability being exploited across multiple regions, including North America, Europe, and Asia Pacific. In addition, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to address the issue by April 30, 2026.
F5 Networks, the manufacturer of BIG-IP APM systems, has acknowledged the vulnerability and has expressed appreciation for the assistance provided by security professionals such as Schuberg Philis, Bart Vrancken, Fox-IT, and the Dutch National Cyber Security Centre (NCSC) in investigating the issue.
F5 has also emphasized its commitment to addressing this critical flaw and ensuring that its products are thoroughly patched and secured. In light of these developments, users of F5 BIG-IP APM systems are advised to prioritize swift implementation of mitigations and updates to prevent potential exploitation of CVE-2025-53521.
It is worth noting that the exact number of exposed instances is not yet fully confirmed due to varying degrees of system configuration among affected networks. Nevertheless, experts agree that this vulnerability poses significant security risks that need immediate attention.
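Because the flaw is reachable only when an access policy is enabled on a virtual server, a patching queue can be ordered by which virtual servers actually reference an APM access profile. The following is an added example, not code from F5 or from the original article: it parses configuration text in bigip.conf (tmsh) syntax, and the sample configuration, object names and function names are constructed for illustration.

```python
import re

# Constructed sample in bigip.conf (tmsh) syntax; names and addresses are made up.
SAMPLE_CONF = """\
apm profile access /Common/portal_access {
    accept-languages { en }
}
ltm virtual /Common/vs_portal {
    destination /Common/203.0.113.10:443
    profiles {
        /Common/clientssl {
            context clientside
        }
        /Common/http { }
        /Common/portal_access { }
    }
}
ltm virtual /Common/vs_static {
    destination /Common/203.0.113.11:443
    profiles {
        /Common/http { }
    }
}
"""

def top_level_blocks(conf):
    """Yield (header, body) for each top-level '<header> { ... }' stanza."""
    depth, header, start = 0, None, 0
    for i, ch in enumerate(conf):
        if ch == "{":
            if depth == 0:  # header is the text on this line before the brace
                header, start = conf[conf.rfind("\n", 0, i) + 1:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, conf[start:i]

def virtuals_with_access_profile(conf):
    """Map each ltm virtual that references an APM access profile to those profiles."""
    blocks = list(top_level_blocks(conf))
    access = {h.split()[-1] for h, _ in blocks if h.startswith("apm profile access ")}
    hits = {}
    for h, body in blocks:
        if h.startswith("ltm virtual "):
            # Object references inside the stanza look like "/Partition/name {"
            refs = set(re.findall(r"^\s*(/\S+)\s*\{", body, re.M)) & access
            if refs:
                hits[h.split()[-1]] = sorted(refs)
    return hits
```

On a real unit the input would be the text of `/config/bigip.conf` together with any per-partition configuration files; virtual servers returned by `virtuals_with_access_profile` are the ones to patch or mitigate first.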
Published: Mon Apr 6 09:33:59 2026 by llama3.2 3B Q4_K_M