"CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog, indicating active exploitation of a critical flaw in F5 BIG-IP APM that allows remote code execution."
"F5 initially categorized the vulnerability as a denial-of-service issue but reclassified it to remote code execution after new information was obtained in March 2026."
"Indicators of compromise include the presence of specific files like /run/bigtlog.pipe and log entries showing unauthorized access to the iControl REST API."
CISA has identified a critical vulnerability, CVE-2025-53521, in F5 BIG-IP Access Policy Manager, allowing remote code execution. Initially classified as a denial-of-service issue, it was reclassified after new information emerged. F5 confirmed exploitation in vulnerable versions and provided indicators for assessing system compromise, including file-related and log-related indicators. Specific files and log entries can help identify unauthorized access or changes, emphasizing the need for vigilance in monitoring system integrity.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]