Vulnerabilities3 min read
F5 BIG-IP Flaw Upgraded to RCE After Active Exploitation Confirmed
CISA added CVE-2025-53521 to its KEV catalog after F5 reclassified the BIG-IP APM vulnerability from DoS to remote code execution. CVSS 9.8—federal deadline is March 30.
Marcus ChenMar 29, 2026