A critical-severity remote code execution flaw in F5's BIG-IP APM has been exploited by hackers to deploy webshells on unpatched devices, prompting a warning from the vendor to patch immediately. The vulnerability, initially classified as a denial-of-service issue, has been reclassified due to its potential for remote code execution, allowing attackers to gain control of affected systems. F5 BIG-IP devices are widely used in enterprise networks, making this flaw a significant concern for organizations that have not yet applied the necessary patch1. The exploitation of this vulnerability can lead to the deployment of webshells, which can be used as a beachhead for further attacks. This vulnerability underscores the importance of keeping systems up to date with the latest security patches, as exploitation can have severe consequences for an organization's security posture. So what matters most to practitioners is the urgent need to apply the patch to prevent potential breaches.
Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now
⚠️ Critical Alert
Why This Matters
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy.
References
- BleepingComputer. (2026, March 30). Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now. BleepingComputer. https://www.bleepingcomputer.com/news/security/hackers-now-exploit-critical-f5-big-ip-flaw-in-attacks-patch-now/
Original Source
BleepingComputer
Read original →