Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed
2026-4-6 13:7:25 Author: securityaffairs.com

Over 14,000 F5 BIG-IP APM instances remain exposed online as attackers actively exploit a critical remote code execution flaw, CVE-2025-53521.

Over 14,000 F5 BIG-IP APM instances remain exposed online, with attackers actively exploiting the critical remote code execution vulnerability CVE-2025-53521 (CVSS ver. 3.1 score of 9.8), the nonprofit security organization Shadowserver warns.

The vulnerability in BIG-IP APM allows specially crafted malicious traffic to trigger Remote Code Execution (RCE) when an access policy is enabled on a virtual server.

“When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE),” reads the advisory. “Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.”

Researchers reported the flaw five months ago, in October. It was previously classified as a Denial-of-Service (DoS) issue and has been reclassified as a critical Remote Code Execution (RCE) flaw based on new findings in March 2026. Its severity has increased significantly, with higher CVSS scores. The original fix remains effective, but the flaw has been actively exploited in vulnerable BIG-IP versions.

“We have learned that this vulnerability has been exploited in the vulnerable BIG-IP versions below,” reads the vendor’s advisory.

F5 thanks Schuberg Philis, Bart Vrancken, Fox-IT, and the Dutch NCSC for their help in investigating the issue and ensuring a high-standard coordinated disclosure.

Shadowserver now reports tracking over 14,100 IPs with F5 BIG-IP APM fingerprints exposed online; most of them are in the US (5138), Europe (4750), and Asia (2689).

F5 BIG-IP APM CVE-2025-53521 impact has recently been updated from a DoS to RCE (see: https://t.co/QPj5cRjEvr) & added to @CISACyber KEV.

We are fingerprinting & sharing F5 BIG-IP APM instances – over 17.1K IPs seen on 2026-03-31 globally. This is just a population assessment. pic.twitter.com/MrkBlAgUxC

— The Shadowserver Foundation (@Shadowserver) April 1, 2026

It’s unclear how many are actually vulnerable to exploitation.

At the end of March, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw in F5 BIG-IP APM to its Known Exploited Vulnerabilities (KEV) catalog.

CISA orders federal agencies to fix the vulnerability by March 30, 2026.

Pierluigi Paganini

Source: https://securityaffairs.com/190384/security/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed.html