F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
Summary
A previously disclosed F5 BIG-IP vulnerability, CVE-2025-53521, has been reclassified from a denial-of-service flaw to a critical remote code execution (RCE) vulnerability. This reclassification indicates the bug is significantly more severe and is now actively being exploited in the wild.
IFF Assessment
The reclassification of the vulnerability from DoS to RCE, together with its active exploitation, represents a direct and severe threat to systems, which is bad news for defenders.
Severity
Given the reclassification to Remote Code Execution (RCE) and active exploitation, a high CVSS score is warranted, reflecting a critical impact on confidentiality, integrity, and availability with high exploitability.
Defender Context
Defenders must prioritize patching or mitigating F5 BIG-IP systems immediately due to the RCE nature of CVE-2025-53521. Organizations should also enhance their monitoring for indicators of compromise related to this actively exploited vulnerability.