A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructure Security Agency warned on Friday. CISA added the flaw to its Known Exploited Vulnerabilities catalog after F5 updated the related security advisory, The advisory was initially published on October 15, 2025, when F5 confirmed a data breach that resulted in a “highly sophisticated nation-state threat actor” accessing – among other … More → The post Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) appeared first on Help Net Security.