CISA has identified a critical vulnerability, CVE-2025-53521, in F5 BIG-IP Access Policy Manager, allowing remote code execution. Initially classified as a denial-of-service issue, it was reclassified after new information emerged. F5 confirmed exploitation in vulnerable versions and provided indicators for assessing system compromise, including file-related and log-related indicators. Specific files and log entries can help identify unauthorized access or changes, emphasizing the need for vigilance in monitoring system integrity.
"CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog, indicating active exploitation of a critical flaw in F5 BIG-IP APM that allows remote code execution."
"F5 initially categorized the vulnerability as a denial-of-service issue but reclassified it to remote code execution after new information was obtained in March 2026."
"Indicators of compromise include the presence of specific files like /run/bigtlog.pipe and log entries showing unauthorized access to the iControl REST API."
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]