F5‘s BIG-IP Access Policy Manager vulnerability CVE-2025-53521—originally treated as a denial-of-service issue—was reclassified as an unauthenticated remote code execution (RCE) after March 2026 intelligence showed active exploitation. The change forced CISA into the Known Exploited Vulnerabilities (KEV) list and triggered federal patch mandates; organizations must treat this as an immediate compromise risk, not a mere […]