CISA added a critical vulnerability in F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities catalog on Friday, based on evidence of ongoing exploitation. Tracked as CVE-2025-53521, successful exploitation of the vulnerability could allow a threat actor to achieve remote code execution. CISA urges users to patch the vulnerability before March 30, 2026.