CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 17, 2026

Critical flaw in F5 BIG-IP faces wide exploitation risk - Cybersecurity Dive

Cybersecurity Dive Archived May 17, 2026 ✓ Full text saved

Critical flaw in F5 BIG-IP faces wide exploitation risk Cybersecurity Dive

Full text archived locally
✦ AI Summary · Claude Sonnet


    Critical flaw in F5 BIG-IP faces wide exploitation risk The company revised a security advisory as newly disclosed information heightens the potential impact. Published April 2, 2026 David Jones Reporter Share License Add us on Google The F5 tower in Seattle, Wash. The company is warning of a critical vulnerability in BIG-IP Access Policy Manager. Courtesy of F5 Press Kit A critical flaw in F5 BIG-IP Access Policy Manager currently is under exploitation, and company officials warn the risk is far greater than previously known.  The company in October 2025 disclosed the vulnerability, tracked as CVE-2025-53521, as a denial-of-service flaw. However, new information led F5 to recategorize the flaw, indicating a risk of remote code execution, according to an update Wednesday. The new information shows that remote code execution can take place when BIG-IP APM access policy is configured on a virtual server, according to the company. Shadowserver Foundation on Wednesday released data showing more than 17,000 vulnerable IPs worldwide as of Tuesday.  When F5 originally released information listing the vulnerability as a denial-of-service issue, “it didn’t immediately signal urgency, and many system administrators likely prioritized it accordingly,” watchTowr founder and CEO Benjamin Harris told Cybersecurity Dive.  Harris said his researchers are seeing in-the-wild exploitation and warned that security teams would need to assess whether they’ve already been impacted.  The Cybersecurity and Infrastructure Security Agency added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog on Friday. The agency gave Federal Civilian Executive Branch agencies a deadline of March 30 to remediate their systems, signaling the urgency of the situation.  The National Cyber Security Centre in the U.K. issued an advisory to alert security teams about the change, noting that BIG-IP APM is widely used in large enterprises.  Add us on Google Share PURCHASE LICENSING RIGHTS Filed Under: Vulnerability
    💬 Team Notes
    Article Info
    Source
    Cybersecurity Dive
    Category
    ◇ Industry News & Leadership
    Published
    May 17, 2026
    Archived
    May 17, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗