A vulnerability misclassified five months ago as a denial-of-service issue in F5 BIG-IP Access Policy Manager (APM) turned out to be a critical pre-authentication remote code execution flaw that is now under active exploitation. Hackers are using it to deploy a persistent malware program that runs with root privileges. The CVE-2025-53521 vulnerability was first disclosed in October 2025 as a DoS issue with a CVSS severity score of 7.5. F5 updated the advisory Friday, reclassifying it as remote code execution and raising its score to CVSS 9.8 in light of “new information” it has received. The same day, CISA added the flaw to its Known Exploited Vulnerabilities (KEV) catalog and the Netherland...