F5 News Articles
Recent news articles referencing the vendor's vulnerabilities.
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability.
1 week ago
F5 BIG-IP Vuln Reclassified as RCE, Under Exploitation
CVE-2025-53521 was first disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information reveals the bug is much more dangerous.
2 weeks ago
Fortinet BIG-IP Vuln Reclassified as RCE, Under Exploitation
CVE-2025-53521 was first disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information reveals the bug is much more dangerous.
2 weeks ago
Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices.
2 weeks ago
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
2 weeks ago
Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities
A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others.
CVE-2025-31644 Archive - ASEC
F5 Product Update Advisory (CVE-2025-31644) - ASEC
Overview: We have released security updates to fix vulnerabilities in F5 products. Users of affected products are advised to update to the latest version. Affected Products: CVE-2025-31644: BIG-IP (all modules) Versions: 17.1.0 and later to 17.1.2 and earlier; BIG-IP (all modules) Versions: 16.1...
CVE-2025-31644 : When running in Appliance mode, a command injection vulnerability exists in an u
CVE-2025-31644 : When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which ma
CVE-2025-31644 Impact, Exploitability, and Mitigation Steps | Wiz
Understand the critical aspects of CVE-2025-31644 with a detailed vulnerability assessment, exploitation potential, affected technologies, and remediation guidance.
F5 BIG-IP Command Injection Vulnerability Let Attackers Execute Arbitrary System Commands
F5 Networks has disclosed a high-severity command injection vulnerability (CVE-2025-31644) in its BIG-IP products running in Appliance mode.
Resolving a Mutual TLS session resumption vulnerability
Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different zones improperly. Cloudflare mitigated the issue in 32 hours by disabling session resumption for mTLS...
CVE-2025-23419 impacts Nginx Server
CVE-2025-23419 is a security vulnerability that arises when multiple server blocks in an Nginx configuration share the same IP address and port. An attacker can exploit this vulnerability by using the session resumption feature to bypass client certificate authentication on these servers. This explo...
F5 BIG-IP SNMP Flaw Allows Attackers to Launch DoS Attacks
A recently disclosed vulnerability in F5's BIG-IP systems has raised alarm within the cybersecurity community.
F5 Warns of TLS Session Resumption Vulnerability in NGINX - InfoSecBulletin
F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass
feedgrid.io
New CVE-2024-32760 in nginx 1 day, 23 hours ago Internet Bug Bounty disclosed a bug submitted by noentry:...
CVE-2024-32760 Description, Impact and Technical Details
This vulnerability, identified as CVE-2024-32760, affects NGINX Plus and NGINX OSS when configured to use the HTTP/3 QUIC module. It has the potential…
Nginx - [nginx-announce] nginx security advisory (CVE-2024-31079, CVE-2024-32760, CVE-2024-34161,...
Hello! Four security issues were identified in nginx HTTP/3 implementation, which might allow an attacker that uses a specially crafted QUIC session...
New F5 Next-Gen Manager Flaw Let Attackers Take Full Admin Control
F5 Big IP has been discovered with two critical vulnerabilities that could potentially allow a threat actor to take full administrative
CVE-2024-21793, CVE-2024-26026: Proof of Concept Available for F5 BIG-IP Next Central Manager Vulnerabilities
Researchers disclose multiple vulnerabilities in F5 BIG-IP Next Central Manager and provide proof-of-concept exploit code, which could lead to exposure of hashed passwords.
CVE-2024-21793 and CVE-2024-26026 Detection: Exploitation of Critical F5 Central Manager Vulnerabilities Can Lead to Full System Compromise - SOC Prime
Detect CVE-2024-21793 and CVE-2024-26026 exploitation attempts, critical flaws in F5 Next Central Manager, with relevant Sigma rules from SOC Prime.
F5 Patches Remote Code Execution Bug in BIG-IP
The critical-severity, unauthenticated remote code execution flaw exists in several versions of the F5 BIG-IP security appliances.
China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws
China-linked threat group aggressively exploits software flaws in Connectwise ScreenConnect & F5 BIG-IP.
Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect
During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in...
NGINX Releases Urgent Patch for HTTP/3 Vulnerabilities (CVE-2024-24989, CVE-2024-24990)
NGINX has released an urgent patch to address 2 flaws (CVE-2024-24989, CVE-2024-24990) lurking within its experimental HTTP/3 implementation