CYBERNEWSMEDIA Network:||
CYBERNEWSMEDIA
CYBERNEWSMEDIA

Cybersecurity News, Insights & Analysis

Latest
TrueConf Zero-Day Exploited in Asian Government Attacks
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
Critical ShareFile Flaws Lead to Unauthenticated RCE
Mobile Attack Surface Expands as Enterprises Lose Control
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
AD · 970×250

Vulnerabilities

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

Initially disclosed as a high-severity denial-of-service (DoS), the bug was reclassified as a critical RCE issue. The post F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild appeared first on SecurityWeek.

F5

The US cybersecurity agency CISA on Friday warned that threat actors have been exploiting a critical-severity F5 BIG-IP vulnerability in the wild.

Tracked as CVE-2025-53521 (CVSS score of 9.3), the flaw was publicly disclosed in October 2025 as a high-severity denial-of-service (DoS) issue, but was reclassified as a remote code execution (RCE) vulnerability last week.

F5 has updated its original advisory to reflect the bug’s severity, noting that attackers can exploit it on BIG-IP APM systems that have an access policy configured on a virtual server.

“This vulnerability allows an unauthenticated attacker to perform remote code execution. The BIG-IP system in Appliance mode is also vulnerable. This is a data plane issue; there is no control plane exposure,” F5 notes.

CVE-2025-53521 impacts BIG-IP APM versions 17.5.0 – 17.5.1, 17.1.0 – 17.1.2, 16.1.0 – 16.1.6, and 15.1.0 – 15.1.10, and was addressed in versions 17.5.1.3, 17.1.3, 16.1.6.1, and 15.1.10.8.

“We have learned that this vulnerability has been exploited in the vulnerable BIG-IP versions. The original CVE remediation has been validated to address the RCE in the fixed versions,” F5 notes in its advisory.

On Friday, CISA added the CVE to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch it within three days.

Simultaneously, F5 published indicators of compromise (IOCs) associated with the malicious activity targeting vulnerable BIG-IP systems.

These include the presence of rogue files, mismatches in file hashes, mismatches in file sizes or timestamps, and different file sizes and timestamps across releases and Engineering Hotfix (EHF) releases.

The presence of specific log entries and command outputs on vulnerable systems, as well as outbound HTTP/S traffic containing CSS content-type and HTTP 201 response codes, also indicates successful compromise.

Organizations of all types are advised to apply fixes for CVE-2025-53521 and to prioritize mitigations for all vulnerabilities in CISA’s KEV list.

Related: QNAP Patches Four Vulnerabilities Exploited at Pwn2Own

Related: CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List

Related: Critical Quest KACE Vulnerability Potentially Exploited in Attacks

Related: Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Latest News

CYBERNEWSMEDIAPublisher