F5 BIG-IP APM Exploitation - Web Service Process Spawning Interactive Shell

Detects suspicious child process spawning from F5 BIG-IP web service and management plane processes, indicative of active exploitation of CVE-2025-53521 added to CISA KEV, where APM authentication bypass enables remote code execution through web shell deployment or command injection against the BIG-IP management interface