F5 BIG-IP APM CVE-2025-53521 impact has recently been updated from a DoS to RCE (see: https://my.f5.com/manage/s/article/K000156741) & added to US CISA KEV (https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-53521)
We are fingerprinting & sharing F5 BIG-IP APM instances - over 17.1K IPs seen on 2026-03-31 globally. This is just a population assessment.
IP data is shared in our Device ID reporting https://www.shadowserver.org/what-we-do/network-reporting/device-identification-report/ with device_vendor set to 'F5', device_model set to 'BIG-IP APM'
Dashboard Tree Map view: https://dashboard.shadowserver.org/statistics/iot-devices/tree/?date_range=1&vendor=f5&model=big-ip+apm&data_set=count&scale=log&auto_update=on
Dashboard World Map view:
https://dashboard.shadowserver.org/statistics/iot-devices/map/?date_range=1&vendor=f5&model=big-ip+apm&data_set=count&scale=log&auto_update=on
Top affected: US, Japan
If you have APM running on your services/network make sure you are patched & review for any compromise