**Critical F5 BIG-IP Flaw Exploited in Attacks, Patch Now**
A critical vulnerability in F5 Networks' BIG-IP Access Policy Manager (APM) solution has been reclassified as a remote code execution (RCE) flaw by its manufacturer. Attackers are now exploiting this weakness to deploy webshells on unpatched devices, highlighting the importance of prompt patching and robust cybersecurity measures.
F5 Networks has updated its advisory, warning that attackers need no privileges to achieve RCE against BIG-IP APM systems that have access policies configured on a virtual server. The security flaw, tracked as CVE-2023-53521, was previously categorized as a denial-of-service (DoS) vulnerability but was reclassified based on new information obtained in March 2026.
**The Impact of the F5 BIG-IP Flaw**
BIG-IP APM is a centralized access management proxy solution that enables administrators to secure and manage user access to their organizations' networks, cloud, applications, and application programming interfaces (APIs). The vulnerability can be exploited by attackers to perform RCE on unpatched devices, which can lead to the deployment of webshells and other malicious activities.
F5 has published indicators of compromise (IOCs) and advised defenders to check their BIG-IP systems' disks, logs, and terminal history for signs of malicious activity. The company also recommends that administrators consult their corporate security policy for incident handling guidelines, including forensic best practices, so that evidence collection and forensics follow the organization's procedures.
**Exposure of BIG-IP Instances**
Internet threat-monitoring non-profit organization Shadowserver has tracked over 240,000 BIG-IP instances exposed online, but there is no information on how many have a vulnerable configuration or have already been secured against CVE-2023-53521 attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its list of actively exploited flaws and ordered federal agencies to secure their BIG-IP APM systems by midnight on Monday, March 30.
**The Importance of Patching**
Recent years have seen a surge in BIG-IP vulnerabilities being exploited by nation-state and cybercrime threat groups to breach corporate networks. The F5 vulnerability is just the latest example of how critical it is for organizations to stay up-to-date with patching and maintain robust cybersecurity measures.
F5, a Fortune 500 technology giant, provides security solutions to over 23,000 customers worldwide, including 48 of the Fortune 50 companies. With the constant threat of cyberattacks, it's essential for organizations to prioritize patching and cybersecurity measures to prevent vulnerabilities like this one from being exploited by attackers.
**Conclusion**
The reclassification of the F5 BIG-IP vulnerability as a critical RCE flaw serves as a stark reminder of the importance of maintaining robust cybersecurity measures. Organizations must prioritize patching and stay informed about actively exploited flaws to prevent malicious activities and protect their networks. By taking prompt action, organizations can reduce the risk of falling victim to attacks like this one.
**Recommended Resources**
* F5 Networks' advisory update on CVE-2023-53521
* CISA's list of actively exploited flaws
* Shadowserver's BIG-IP instance exposure report
This article has been updated to reflect the correct year for the vulnerability (2023 instead of 2026).