F5 Warns of Critical BIG-IP APM Zero-Day Exploited by Nation-State Actors

beyondmachines1@infosec.exchange

F5 Warns of Critical BIG-IP APM Zero-Day Exploited by Nation-State Actors

F5 re-categorized a BIG-IP APM vulnerability (CVE-2025-53521) from a DoS to a critical 9.8 RCE after discovering active exploitation by a nation-state actor using memory-only webshells and lateral movement tools. The flaw allows unauthenticated attackers to execute code and gain full control over network access infrastructure.

**If you have F5 BIG-IP APM devices, if possible make sure they are isolated from the internet and accessible from trusted networks only. Then immediately update to the fixed firmware versions (17.5.1.3, 17.1.3, 16.1.6.1, or 15.1.10.8). If you suspect a device has already been compromised, rebuild it from scratch - don't restore from backups, as they may contain persistent malware. Also, audit for disabled SELinux and unauthorized webshells.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/f5-warns-of-critical-big-ip-apm-zero-day-exploited-by-nation-state-actors-4-j-u-k-9/gD2P6Ple2L