CISA has added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) catalogue. The vulnerability affects F5 BIG-IP systems and could allow a threat actor to achieve remote code execution.
CVE-2025-53521 is an unspecified vulnerability residing in F5 BIG-IP Application Manager Policy (AMP). It carries a CVSS score of 9.8 and a CRITICAL severity rating. The flaw permits remote code execution. F5 has released patches to address the issue. Administrators should consult the vendor's security advisories for specific affected versions and update guidance.
CISA has confirmed active exploitation of this flaw in the wild. The agency has not identified specific ransomware campaigns leveraging the vulnerability at this time. Federal Civilian Executive Branch (FCEB) agencies must remediate the issue by 30 March 2026. Administrators should examine internet-accessible F5 appliances for indicators of compromise.
CISA mandates that affected organisations apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. While this binding directive applies directly to FCEB agencies, all organisations should review their exposure to F5 BIG-IP systems immediately.
Consult the NVD entry for CVE-2025-53521 and the CISA KEV catalogue for complete technical details and remediation resources.