Security Operations, Vulnerability Management, Patch/Configuration Management, Network Security

F5 BIG-IP APM systems vulnerable to critical remote code execution flaw

(Adobe Stock)

As reported by HackRead, a severe security flaw in F5's BIG-IP APM systems, initially underestimated, has been reclassified as a critical threat. This technology is used by numerous large organizations to manage staff access to private networks.

The vulnerability, identified as CVE-2025-53521, allows attackers to gain complete control of affected servers through malicious traffic, enabling remote code execution (RCE). This means unauthorized individuals can run commands on company hardware globally without authentication. Initially thought to be a denial-of-service (DoS) issue, further investigation revealed it to be a memory-handling error that bypasses security, allowing attackers to plant malware. The severity score has been updated to 9.8 out of 10. The flaw affects specific versions of BIG-IP APM, particularly the 17.x, 16.x, and 15.x branches, when a particular access policy is enabled. F5 has released indicators of compromise (IoCs), detailing malicious software like c05d5254 and unusual system file changes, indicating active exploitation.

The reclassification of this flaw from a DoS to an RCE vulnerability necessitates immediate action from F5 customers. Industry experts emphasize that attackers are already exploiting this "open door." The potential for widespread disruption and data breaches underscores the need for prompt patching and, in cases of suspected compromise, rebuilding systems from scratch to eliminate persistent malware.

Source: HackRead

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds