According to The Hacker News, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation of F5 BIG-IP Access Policy Manager (APM). The vulnerability, which has a CVSS v4 score of 9.3, could allow a threat actor to achieve remote code execution and was described as pre-auth remote code execution in the current advisories.
When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to remote code execution, according to CVE[.]org. The flaw was initially categorised as a denial-of-service issue but was reclassified as RCE in light of new information obtained in March 2026, and F5 subsequently updated its advisory to confirm exploitation in the vulnerable BIG-IP versions.
In response to the active exploitation, Federal Civilian Executive Branch agencies have been given until 30 March 2026 to apply fixes to secure their networks.