

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

F5 bug sees active exploitation across BIG-IP versions.

CISA warned that attackers are exploiting CVE-2025-53521, a BIG-IP APM flaw recently reclassified from a DoS issue to remote code execution. F5 says unauthenticated attackers can run code on systems with access policies enabled, including those in Appliance mode, and has released patched versions across supported branches. The company confirmed exploitation in vulnerable releases and published indicators of compromise such as rogue files, hash mismatches, and suspicious outbound traffic. CISA added the CVE to its KEV catalog and directed agencies to patch quickly while urging all organizations to apply fixes and review mitigations.

Read more:

https://www.securityweek.com/f5-big-ip-dos-flaw-upgraded-to-critical-rce-now-exploited-in-the-wild/
