
Unprotected: The Vulnerability of Over 14,000 F5 BIG-IP APM Instances to Remote Code Execution Attacks

F5 Exposes Over 14,000 BIG-IP APM Instances to Critical RCE Vulnerability

Internet threat-monitoring non-profit Shadowserver has found more than 14,000 BIG-IP APM instances exposed online. These instances are at risk of exploitation due to a critical-severity remote code execution (RCE) vulnerability.

BIG-IP APM, or Access Policy Manager, is a centralized access management proxy solution developed by F5 to help administrators secure access to their networks, cloud services, applications, and APIs.

The vulnerability, tracked as CVE-2025-53521, was initially identified as a denial-of-service (DoS) flaw and later reclassified as an RCE bug. It poses a significant threat to unpatched BIG-IP APM systems: attackers are exploiting it to gain remote code execution on systems with access policies configured on a virtual server.

F5 issued a warning following new information obtained in March 2026, highlighting the exploitation of vulnerable BIG-IP versions. Despite efforts to address the RCE through remediation, Shadowserver reports that more than 14,000 BIG-IP APM systems remain exposed to potential attacks.


F5 BIG-IP APM exposed online (Shadowserver)

Despite the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urging federal agencies to secure their BIG-IP APM systems promptly, many organizations are still vulnerable to CVE-2025-53521 attacks. F5 has shared indicators of compromise (IOCs) and recommended thorough checks of system disks, logs, and terminal history to detect malicious activity.

Customers are advised to rebuild affected systems from a known good source to eliminate any persistent malware present in compromised configurations. F5 emphasizes the importance of taking proactive measures to safeguard against potential threats.


As a prominent Fortune 500 technology company, F5 serves a vast customer base and plays a crucial role in providing cybersecurity and application delivery networking services to numerous organizations worldwide. Despite its widespread adoption, F5’s BIG-IP vulnerabilities have attracted the attention of nation-state and cybercrime threat groups seeking to exploit security weaknesses for malicious purposes.
