CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
29.03.2026

CISA adds actively exploited F5 BIG-IP APM CVE-2025-53521 (CVSS 9.3) to KEV, ordering FCEB patch by March 30, 2026 to curb RCE risk.
CISA Drops the Hammer: F5 BIG-IP APM Vuln Now on KEV List
CISA just slapped CVE-2025-53521 onto its Known Exploited Vulnerabilities (KEV) catalog — and this one's already being actively abused in the wild. It's a critical 9.3 CVSS remote code execution flaw in F5's BIG-IP Access Policy Manager (APM).
Translation: If you're running F5 BIG-IP APM, patch NOW. CISA's giving Federal Civilian Executive Branch (FCEB) agencies until March 30, 2026 to fix this, but everyone else should treat this as a five-alarm fire.

The vulnerability allows unauthenticated attackers to execute arbitrary code on affected systems. We're talking full system compromise — not just a little data leak. F5 released patches back in January 2025, but apparently not everyone got the memo.
CISA's KEV listing means this isn't theoretical anymore. Threat actors are actively exploiting this in the wild, and the clock is ticking for defenders. Binding Operational Directive (BOD) 22-01 requires FCEB agencies to patch by the deadline, but private sector orgs should move just as fast.
- CVE-2025-53521: Critical RCE in F5 BIG-IP APM
- CVSS Score: 9.3 (Critical)
- Status: Actively exploited in the wild
- CISA KEV Entry: Added March 2026
- FCEB Patch Deadline: March 30, 2026
- Original Patch Release: January 2025 by F5
This is exactly why CISA created the KEV catalog — to highlight vulnerabilities that are actually being used by adversaries right now. When something hits this list, it's not a 'maybe patch' situation, it's a 'drop everything and patch' emergency.
Security teams: Check your F5 BIG-IP APM deployments immediately. If you haven't applied the January 2025 patches yet, you're running on borrowed time. The exploit is public, the patches are available, and the bad guys are already using this to get into networks.
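One way to turn that check into a repeatable triage step is to match an asset inventory against KEV entries and rank unremediated hosts by days left until the due date. This is an added example, not code from CISA or F5; the KEV excerpt is constructed in the shape of the catalog's JSON feed (`cveID`, `vendorProject`, `product`, `dueDate`), and the inventory, hostnames and `fixed_cves` field are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt shaped like the KEV JSON feed. CVE ID, vendor, product
# name and due date are taken from the article; the second entry is a placeholder.
KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-2025-53521", "vendorProject": "F5",
   "product": "BIG-IP APM", "dueDate": "2026-03-30"},
  {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor",
   "product": "ExampleProduct", "dueDate": "2026-04-15"}
]}
"""

# Hypothetical inventory. fixed_cves lists CVEs whose fix was verified on the host.
INVENTORY = [
    {"host": "vpn-edge-01", "vendor": "F5", "product": "BIG-IP APM",
     "fixed_cves": set()},
    {"host": "vpn-edge-02", "vendor": "F5", "product": "BIG-IP APM",
     "fixed_cves": {"CVE-2025-53521"}},
    {"host": "lb-core-01", "vendor": "F5", "product": "BIG-IP LTM",
     "fixed_cves": set()},
]


def kev_exposure(kev_text, inventory, today):
    """Return sorted (days_left, host, cve) for unremediated assets in KEV."""
    findings = []
    for vuln in json.loads(kev_text)["vulnerabilities"]:
        due = date.fromisoformat(vuln["dueDate"])
        for asset in inventory:
            same_vendor = asset["vendor"].lower() == vuln["vendorProject"].lower()
            same_product = vuln["product"].lower() in asset["product"].lower()
            if not (same_vendor and same_product):
                continue  # different product line, e.g. LTM without APM
            if vuln["cveID"] in asset["fixed_cves"]:
                continue  # fix already verified on this host
            findings.append(((due - today).days, asset["host"], vuln["cveID"]))
    # Most urgent first; a negative days_left means the deadline has passed.
    return sorted(findings)


if __name__ == "__main__":
    for days_left, host, cve in kev_exposure(KEV_JSON, INVENTORY, date(2026, 3, 29)):
        state = "OVERDUE" if days_left < 0 else "due"
        print(f"{host}: {cve} {state}, {days_left} day(s) to KEV deadline")
```
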

