A critical security flaw, CVE-2025-53521, affecting F5 BIG-IP Access Policy Manager (APM), has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog due to active exploitation by threat actors [1]. The vulnerability, with a CVSS v4 score of 9.3, enables remote code execution, allowing attackers to execute arbitrary code on vulnerable systems. Its addition to the KEV catalog indicates that CISA has evidence of active exploitation, making it a high-priority issue for organizations using F5 BIG-IP APM. Given that exploitation status, security practitioners should treat prompt patching as essential to prevent remote code execution attacks against their organizations.
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
⚠️ Critical Alert
Why This Matters
CISA has listed CVE-2025-53521 as actively exploited. Exploitation status determines whether a vulnerability is patch-now or monitor, and a KEV listing puts this one in the patch-now category.
References
- The Hacker News. (2026, March 28). CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation. *The Hacker News*. https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html