F5 Networks has escalated a previously known BIG-IP Access Policy Manager (APM) flaw from a denial-of-service (DoS) to a remote code execution (RCE) vulnerability. Attackers are actively exploiting unpatched devices, deploying webshells to gain persistent access and potentially move laterally within networks.
The highest-risk environments are those running BIG-IP APM for remote access or identity functions, especially if management interfaces are internet-facing. Urgent action is advised: apply the latest F5 patches immediately, investigate for signs of compromise such as unexpected files, and restrict public access to management portals.
Delaying remediation leaves infrastructures exposed. Security teams should closely monitor logs and official advisories as exploit attempts escalate. Patching without delay is now critical for effective defence.
F5 BIG-IP Vulnerability Escalates: Immediate Patch Required as RCE Risk Emerges
