CISA Adds CVE-2025-53521 to KEV Catalog Due to Active Exploitation of F5 BIG-IP APM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) catalog on Friday, following evidence of active exploitation targeting F5 BIG-IP Access Policy Manager (APM). The vulnerability, assigned a CVSS v4 score of 9.3, enables threat actors to achieve remote code execution. No specific attack vectors or affected versions were detailed beyond the product’s APM component. The inclusion in the KEV catalog indicates confirmed malicious activity in the wild. The notice was published by The Hacker News in March 2026.