“When F5 CVE-2025-53521 first emerged final 12 months as a denial-of-service situation, it didn’t instantly sign urgency, and plenty of system directors probably prioritized it accordingly,” Benjamin Harris, CEO of offensive security agency watchTowr, instructed CSO. “Quick-forward to at present’s huge ‘yikes’ second: The scenario has modified considerably. What we’re observing now’s pre-auth distant code execution and proof of in-the-wild exploitation, with a CISA KEV itemizing to again it up. That’s a really totally different threat profile than what was initially communicated.”
Patching is just a part of the equation and the instant focus for security groups ought to be on figuring out whether or not the flaw has already been exploited of their environments, Harris famous.
The vulnerability impacts BIG-IP APM variations 17.1.0 to 17.1.2, 17.5.0 to 17.5.1, 16.1.0 to 16.1.6, and 15.1.0 to fifteen.1.10. F5 launched patches in variations 17.1.3, 17.5.1.3, 16.1.6.1, and 15.1.10.8. The corporate additionally printed a data base article with indicators of compromise, attacker TTPs, and hardening steering in opposition to the noticed malware.
