F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation

Summary

CVE-2025-53521 in F5 BIG-IP, initially disclosed in October as a high-severity denial-of-service vulnerability, has been reclassified as a remote code execution (RCE) flaw—a significantly more critical threat. The vulnerability is now reportedly under active exploitation in the wild, elevating urgency for organizations running affected F5 systems.

Indicators of Compromise

• cve — CVE-2025-53521