好的,我现在需要帮用户总结这篇文章的内容,控制在100个字以内。首先,我得通读全文,抓住关键点。 文章主要讲的是F5的BIG-IP APM系统存在一个严重的漏洞CVE-2025-53521,这个漏洞最初被归类为拒绝服务(DoS),后来重新分类为远程代码执行(RCE)。已经有超过14,000个实例暴露在网络上,Shadowserver监测到了这些情况。尽管CISA已经要求联邦机构修复系统,但仍有大量系统未打补丁。攻击者利用这个漏洞进行攻击,可能导致系统被恶意控制。F5建议用户从安全来源重建配置,以防止恶意软件残留。 接下来,我需要把这些信息浓缩到100字以内。要注意不要使用“文章内容总结”之类的开头,直接描述即可。 可能会提到的关键点包括:F5 BIG-IP APM漏洞、RCE、14,000实例暴露、攻击者利用、修复建议等。 现在试着组织语言: F5的BIG-IP APM存在严重漏洞CVE-2025-53521,可被攻击者远程执行代码。已有超1.4万个实例暴露在线上。尽管CISA已要求修复,但仍有大量未补丁系统面临风险。F5建议用户从安全源重建配置以防止恶意软件。 这样大概在98个字左右,符合要求。 </think> F5的BIG-IP APM存在严重漏洞CVE-2025-53521,可被攻击者远程执行代码。已有超1.4万个实例暴露在线上。尽管CISA已要求修复,但仍有大量未补丁系统面临风险。F5建议用户从安全源重建配置以防止恶意软件。 2026-4-2 08:30:22 Author: www.bleepingcomputer.com(查看原文) 阅读量:10 收藏
Internet threat-monitoring non-profit Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability.
BIG-IP APM (short for Access Policy Manager) is F5's centralized access management proxy solution designed to help admins secure access to their organizations' networks, cloud, applications, and application programming interfaces (APIs).
This 5-month-old flaw (tracked as CVE-2025-53521) was disclosed in October as a denial-of-service (DoS) vulnerability and was reclassified as an RCE bug over the weekend.
"Due to new information obtained in March 2026, the original vulnerability is being re-categorized to an RCE. The original CVE remediation has been validated to address the RCE in the fixed versions. We have learned that this vulnerability has been exploited in the vulnerable BIG-IP versions," F5 warned in a Sunday advisory update.
Attackers without privileges are exploiting this security issue to gain remote code execution on unpatched BIG-IP APM systems with access policies configured on a virtual server.
While there is no information on how many BIG-IP APM instances exposed on the Internet have a vulnerable configuration, Internet threat-monitoring non-profit Shadowserver said on Wednesday that it now tracks over 17,100 IPs with BIG-IP APM fingerprints.
More than 14,000 BIG-IP APM systems remain exposed to CVE-2025-53521 attacks according to Shadowserver's data, even though the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure their BIG-IP APM systems by midnight on Monday (after adding the vulnerability to its list of actively exploited flaws on Friday).
F5 has also shared published indicators of compromise (IOCs) and advised defenders to check the disks, logs, and terminal history of BIG-IP devices for signs of malicious activity. It also provides guidance on the measures to take after detecting evidence of compromise, including rebuilding the affected systems from scratch.
"If customers do not know exactly when the system was compromised, user configuration set (UCS) backups may have been created after the compromise occurred," the company said.
"F5 strongly recommends that customers rebuild the configuration from a known good source because UCS files from compromised systems can contain persistent malware."
As a Fortune 500 technology giant, F5 provides cybersecurity, application delivery networking (ADN), and other services to over 23,000 customers, including 48 Fortune 50 companies.
In recent years, BIG-IP vulnerabilities have been targeted by both nation-state and cybercrime threat groups to breach corporate networks, hijack devices, deploy data-wiping malware, map internal servers, and steal sensitive data.
Automated Pentesting Covers Only 1 of 6 Surfaces.
Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.
This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.
如有侵权请联系:admin#unsafe.sh