Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability.

F5 BIG-IP Flaw Escalated to Critical 9.8 RCE, Now Under Active Attack

A 5-month-old F5 BIG-IP vulnerability, CVE-2025-53521, has been reclassified as a critical 9.8 CVSS RCE and is under active exploitation. CISA has added it to the KEV catalog. Patch immediately.

Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices.

Serious F5 Breach - Schneier on Security

This is bad: F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past took the language to mean the hackers were inside the F5 network for years. During that time, F5 said, the hackers took control of the network segment the company uses to create and distribute updates for BIG IP, a line of server appliances that F5 ...

myF5

Thousands of customers imperiled after nation-state ransacks F5’s network

Risks to BIG-IP users include supply-chain attacks, credential loss, and vulnerability exploits.

F5 Says Hackers Stole Undisclosed BIG-IP Flaws, Source Code - Slashdot

An anonymous reader quotes a report from BleepingComputer: U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became aware of the breach on August 9, 2025, with...