{"id":231760,"date":"2026-04-06T09:49:00","date_gmt":"2026-04-06T13:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/06\/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed\/"},"modified":"2026-04-06T10:55:18","modified_gmt":"2026-04-06T14:55:18","slug":"attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/06\/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed\/","title":{"rendered":"Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/190384\/security\/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed.html\">Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/190384\/security\/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed.html\">https:\/\/securityaffairs.com\/190384\/security\/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-06 09:49:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> April 06, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/f5-networks-bg.jpg?fit=550%2C300&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Over 14,000 F5 BIG-IP APM instances remain exposed online, as attackers 
actively exploit a critical remote code execution flaw, CVE-2025-53521.<\/h2>\n<p>Over 14,000 F5 BIG-IP APM instances remain exposed online, with attackers actively exploiting the critical remote code execution vulnerability <strong>CVE-2025-53521<\/strong> (CVSS v3.1 score of 9.8), the nonprofit security organization\u00a0Shadowserver warns.<\/p>\n<p>The vulnerability in BIG-IP APM allows specially crafted malicious traffic to trigger Remote Code Execution (RCE) when an access policy is enabled on a virtual server.<\/p>\n<p>\u201cWhen a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE),\u201d reads the advisory.\u00a0\u201cNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\u201d<\/p>\n<p>The researchers reported the flaw five months ago, in October. It was previously classified as a Denial-of-Service (DoS) issue and has been reclassified as a critical Remote Code Execution (RCE) flaw based on new findings in March 2026. Its severity rating has increased significantly, with higher CVSS scores. The original fix remains effective, but the flaw has been actively exploited in vulnerable BIG-IP versions.<\/p>\n<p>\u201cWe have learned that this vulnerability has been exploited in the vulnerable BIG-IP versions below,\u201d reads the vendor\u2019s advisory.<\/p>\n<p>F5 thanks Schuberg Philis, Bart Vrancken, Fox-IT, and the Dutch NCSC for their help in investigating the issue and ensuring a high-standard coordinated disclosure.<\/p>\n<p>Shadowserver now <strong>reports<\/strong> tracking over 14,100 IPs with F5 BIG-IP APM fingerprints exposed online, most of them in the US (5138), Europe (4750), and Asia (2689). 
<\/p>\n<p lang=\"en\" dir=\"ltr\">F5 BIG-IP APM CVE-2025-53521 impact has recently been updated from a DoS to RCE (see:&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/190384\/security\/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed https:\/\/securityaffairs.com\/190384\/security\/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":231761,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/f5-networks-bg.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-231760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231760"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=231760"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231760\/revisions"}],"predecessor-version":[{"id":231762,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/231760\/revisions\/231762"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/231761"}],"wp:attachment":[{"href":"https:\/\/news-yo
u-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=231760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=231760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=231760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}