CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
Summary
CISA has added CVE-2025-53521, a critical vulnerability affecting F5 BIG-IP Access Policy Manager, to its Known Exploited Vulnerabilities catalog. This decision was based on evidence of active exploitation in the wild, which could allow attackers to achieve remote code execution.
IFF Assessment
The active exploitation of a critical vulnerability that allows for remote code execution poses a direct threat to organizations, making it bad news for defenders.
Severity
The CVSS v4 score of 9.3 indicates a critical severity, primarily due to the potential for remote code execution. This implies a highly exploitable vulnerability that could lead to significant system compromise.
Defender Context
Organizations using F5 BIG-IP APM should prioritize patching or mitigating CVE-2025-53521 immediately due to its inclusion in CISA's KEV catalog. Defenders should also enhance their monitoring for indicators of compromise related to this vulnerability, as active exploitation suggests a high likelihood of attack.