

Ethical Hacking News

Hackers Exploit Critical F5 BIG-IP Flaw: A Warning to Organizations Worldwide



Hackers are exploiting a critical F5 BIG-IP flaw, which was previously categorized as a Denial-of-Service (DoS) vulnerability but has been reclassified as a remote code execution (RCE) flaw. The vulnerability affects the BIG-IP Access Policy Manager (APM) products and poses significant risks to federal agencies and organizations worldwide. Organizations must patch the vulnerability immediately to protect their systems and data.

  • F5 Networks has issued an urgent warning about a critical flaw in their BIG-IP Access Policy Manager (APM) products.
  • The vulnerability, CVE-2025-53521, has been reclassified from a DoS vulnerability to an RCE flaw and poses significant risks to federal enterprises and organizations that rely on F5's solutions.
  • The BIG-IP APM is a centralized access management proxy solution that enables administrators to secure user access to networks, cloud, applications, and APIs.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its list of actively exploited flaws, ordering federal agencies to secure their systems by March 30.
  • Organizations that use F5's solutions are advised to patch the vulnerability immediately and review their corporate security policies to ensure compliance with evidence collection and forensics procedures.



    F5 Networks, a leading provider of cybersecurity and application delivery networking solutions, has issued an urgent warning to organizations worldwide regarding a critical flaw in their BIG-IP Access Policy Manager (APM) products. The vulnerability, tracked as CVE-2025-53521, has been reclassified from a denial-of-service (DoS) vulnerability to a remote code execution (RCE) flaw, posing significant risks to the federal enterprise and organizations that rely on F5's solutions.

    The BIG-IP APM is a centralized access management proxy solution that enables administrators to secure and manage user access to their organizations' networks, cloud, applications, and application programming interfaces (APIs). The vulnerability can be exploited by attackers without privileges to perform remote code execution when targeting BIG-IP APM systems with access policies configured on a virtual server.

    According to F5 Networks, the vulnerability was originally categorized and remediated as a Denial-of-Service (DoS) vulnerability. However, new information obtained in March 2026 has led to its reclassification as an RCE flaw. The original CVE remediation has been validated to address the RCE in the fixed versions, but F5 warns that attackers are already exploiting this vulnerability in the wild.

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its list of actively exploited flaws, ordering federal agencies to secure their BIG-IP APM systems by midnight on March 30. The warning is a reminder that vulnerabilities of this kind are a frequent attack vector, which malicious cyber actors use to breach corporate networks, map internal servers, deploy data-wiping malware, hijack devices, and steal sensitive documents from victims' networks.

    F5 Networks has published indicators of compromise (IOCs) and advised defenders to check their BIG-IP systems' disks, logs, and terminal history for signs of malicious activity. It is essential for organizations that use F5's solutions to take immediate action to patch the vulnerability and ensure the security of their systems.

    Internet threat-monitoring non-profit organization Shadowserver tracks over 240,000 BIG-IP instances exposed online, but there is no information on how many have a vulnerable configuration or have already been secured against CVE-2025-53521 attacks. This highlights the importance of proactive monitoring and incident response to detect and respond to security threats.
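
    The exposure question above comes down to whether any virtual server has an APM access policy attached. The following is an added example, not code from F5 or from this article: it parses a constructed bigip.conf excerpt and lists the virtual servers that reference an access profile. The stanza names (`apm profile access`, `ltm virtual`, `profiles`) are assumed to follow the usual bigip.conf layout, all object names are made up, and the check says nothing about patch level or compromise.

```python
import re

# Constructed bigip.conf excerpt: object names and addresses are made up.
SAMPLE_CONF = """\
apm profile access /Common/corp_vpn {
    access-policy /Common/corp_vpn
}
ltm virtual /Common/vs_vpn {
    destination /Common/203.0.113.10:443
    profiles {
        /Common/clientssl {
            context clientside
        }
        /Common/corp_vpn { }
        /Common/http { }
    }
}
ltm virtual /Common/vs_web {
    destination /Common/203.0.113.20:443
    profiles {
        /Common/http { }
        /Common/tcp { }
    }
}
"""

def block_body(text, start):
    """Return the text from `start` (just past a '{') to its matching '}'."""
    depth, i = 1, start
    while depth and i < len(text):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def stanzas(conf, prefix):
    """Yield (name, body) for each top-level '<prefix> <name> { ... }' stanza."""
    for m in re.finditer(r"^%s (\S+) \{" % re.escape(prefix), conf, re.M):
        yield m.group(1), block_body(conf, m.end())

def virtuals_with_access_policy(conf):
    """Map each virtual server to the APM access profiles attached to it."""
    access = {name for name, _ in stanzas(conf, "apm profile access")}
    hits = {}
    for vs, body in stanzas(conf, "ltm virtual"):
        m = re.search(r"^\s*profiles \{", body, re.M)
        names = re.findall(r"^\s*(/\S+) \{", block_body(body, m.end()), re.M) if m else []
        if access.intersection(names):
            hits[vs] = sorted(access.intersection(names))
    return hits

if __name__ == "__main__":
    print(virtuals_with_access_policy(SAMPLE_CONF))
```

    The brace matching is deliberately simple and does not account for braces inside quoted strings, so treat the result as an inventory aid and confirm each flagged virtual server on the device itself.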

    The F5 BIG-IP systems are used by more than 23,000 customers worldwide, including 48 of the Fortune 50 companies. The critical flaw in their BIG-IP APM products poses a significant risk to these organizations, emphasizing the need for swift action to patch the vulnerability and protect against potential attacks.

    In light of this warning, it is essential for organizations that use F5's solutions to review their corporate security policies and ensure they comply with evidence collection and forensics procedures for security incidents. Furthermore, organizations should consult with their corporate security team and follow applicable guidelines for cloud services or discontinue use of the product if mitigations are unavailable.

    The incident serves as a reminder of the ongoing threat landscape in the cybersecurity industry and the importance of staying vigilant and proactive in detecting and responding to security threats. Organizations that fail to take immediate action to patch the vulnerability may face significant risks to their systems, data, and reputation.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hackers-Exploit-Critical-F5-BIG-IP-Flaw-A-Warning-to-Organizations-Worldwide-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-f5-big-ip-flaw-in-attacks-patch-now/

  • https://gbhackers.com/cisa-warns-of-actively-exploited-f5-big-ip-vulnerability/

  • https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html

  • https://nvd.nist.gov/vuln/detail/CVE-2025-53521

  • https://www.cvedetails.com/cve/CVE-2025-53521/


  • Published: Mon Mar 30 07:34:55 2026 by llama3.2 3B Q4_K_M












