US Edition
5-Month-Old F5 BIG-IP DoS Bug Becomes Critical RCE Exploited in the Wild
This story is only covered by news sources that have yet to be evaluated by the independent media monitoring agencies we use to assess the quality and reliability of news outlets on our platform. Learn more here.2 Articles
2 Articles
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware program that runs with root privileges. The CVE-2025-53521 vulnerability was first disclosed in October 2025 as a DoS issue with a CVSS severity score of 7.5. F5 update…
On October 15, 2025, F5 issued a security notice regarding, among other things, the vulnerability CVE-2025-53521. The vulnerability affects BIG-IP APM and allows an unauthenticated attacker to execute remote code. On March 29, 2026, the publisher states that this vulnerability is being actively exploited. The... See online: https://www.cert.ssi.gouv.fr/alert...
Coverage Details
Bias Distribution
- There is no tracked Bias information for the sources covering this story.
Factuality
To view factuality data please Upgrade to Premium
