CISA Flags Critical F5 BIG-IP APM Vulnerability for Immediate Attention

CISA has added a critical vulnerability in F5 BIG-IP APM to its KEV catalog due to active exploitation risks.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added CVE-2025-53521, a critical vulnerability in the F5 BIG-IP Access Policy Manager (APM), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, rated with a CVSS v4 score of 9.3, poses a significant risk because it allows threat actors to achieve remote code execution. Its inclusion in the KEV catalog indicates not only the severity of the flaw but also the existence of active exploitation, heightening the urgency for organizations to address it.

For businesses using F5 BIG-IP APM, this vulnerability requires immediate action. Organizations are encouraged to apply the patches or mitigations recommended by F5 to guard against potential breaches. The implications are particularly critical for sectors that rely on secure access management, as exploitation of this vulnerability could lead to unauthorized access to sensitive systems. As the cybersecurity landscape continues to evolve, proactively identifying and remediating such vulnerabilities is essential to maintaining a robust security posture against increasingly sophisticated threats.

---

*Originally reported by [The Hacker News](https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html)*