F5 BIG-IP APM Flaw Upgraded to Active RCE Risk, Urgency to Patch
F5 Networks reclassified the BIG-IP APM vulnerability CVE-2025-53521 from a DoS issue to a critical remote code execution flaw, with attackers exploiting unpatched systems to deploy webshells. CISA has ordered federal agencies to patch, and F5 issued mitigations and indicators of compromise as online exposure of BIG-IP instances remains high. Patch now and review disks, logs, and terminal history for signs of intrusion.