The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-53521, a critical vulnerability affecting F5 BIG-IP Access Policy Manager (APM), to its Known Exploited Vulnerabilities catalog. The flaw enables threat actors to achieve remote code execution on affected systems.
The vulnerability carries a CVSS v4 score of 9.3, indicating critical severity. CISA's decision to include the flaw in the KEV catalog signals that active exploitation has been observed in the wild, though specific details about the scope of attacks or number of affected systems were not disclosed in the available reporting.