197/69 Wednesday, April 8, 2026
The Shadowserver Foundation has revealed that more than 14,000 F5 BIG-IP APM systems remain exposed on the internet and are vulnerable to exploitation through a critical flaw, CVE-2025-53521 (CVSS 9.8). This vulnerability is a Remote Code Execution (RCE) issue that is currently being actively exploited in the wild. The flaw occurs when an access policy is configured on a virtual server, allowing attackers to send specially crafted traffic to execute arbitrary code on the target system.
Initially classified as a Denial-of-Service (DoS) vulnerability, further analysis in March 2026 confirmed that it could be escalated to RCE, significantly increasing its severity. Although patches were released as early as October, a large number of systems remain unpatched and continue to be actively targeted. According to Shadowserver data, most exposed systems are located in the United States, Europe, and Asia.
The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and has mandated that U.S. federal agencies remediate it by March 30, 2026. System administrators are strongly advised to apply patches immediately, review system configurations, and restrict external access to minimize the risk of exploitation and system compromise.