Over 14,000 F5 BIG-IP APM Instances Still Exposed to RCE Attacks

Over 14,000 F5 BIG-IP Access Policy Manager (APM) instances remain exposed online, leaving them vulnerable to remote code execution (RCE) attacks. The security monitoring organization Shadowserver identified these exposed systems amid ongoing exploitation attempts targeting a critical-severity flaw. No specific CVE ID or exact date of discovery was provided in the report. The affected devices are internet-facing, increasing the risk of unauthorized access or compromise. The vulnerability enables attackers to execute arbitrary code on unpatched systems. The exposure persists despite prior warnings about active exploitation.