A critical remote code execution vulnerability, CVE-2025-53521, is being actively exploited while over 14,000 F5 BIG-IP APM instances remain exposed online. The flaw, with a CVSS score of 9.8, allows specially crafted malicious traffic to trigger remote code execution when an access policy is enabled on a virtual server. Attackers who exploit it can execute arbitrary code, potentially leading to complete system compromise, so organizations with exposed F5 BIG-IP APM instances are at risk of being targeted [1]. The widespread exploitation expands the active attack surface, and practitioners should prioritize mitigation based on their exposure and evidence of exploitation. Security teams must take immediate action to protect their systems.
Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed
Why This Matters
CVE-2025-53521 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, April 6). Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed. *SecurityAffairs*. https://securityaffairs.com/190384/security/attackers-exploit-rce-flaw-as-14000-f5-big-ip-apm-instances-remain-exposed.html