CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

Overview

Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVSS v4 score: 9.3), which could allow a threat actor to achieve remote code execution.

Vulnerability Details

• CVE-2025-53521: Referenced in source reporting from thehackernews.

Organisations Involved

The following organisations are mentioned in relation to this incident: Access Policy Manager, After Active, CISA, Exploitation
The, Infrastructure Security Agency, Known Exploited Vulnerabilities.

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.