Ethical Hacking News
U.S. CISA Adds F5 BIG-IP AMP Flaw to Known Exploited Vulnerabilities Catalog: A Critical Alert for Network Administrators and Organizations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability, CVE-2025-53521, allows Remote Code Execution (RCE) when an access policy is enabled on a virtual server. Organizations with F5 BIG-IP AMP installed and configured to enable access policies are advised to address the potential security risk. CISA recommends that organizations review the KEV catalog and take proactive steps to secure their networks against attacks exploiting this known exploited vulnerability.
Pierluigi Paganini, a well-known cybersecurity expert, brings us the latest news about a critical flaw in the F5 BIG-IP AMP system that has been added to the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog.
The KEV catalog is maintained by CISA to provide a list of known vulnerabilities that have been exploited in the wild, with the goal of helping organizations identify and address potential security risks before they become major issues. In this case, the U.S. government agency has added a critical flaw in F5 BIG-IP AMP, tracked as CVE-2025-53521 (CVSS ver. 3.1 score of 9.8), to its KEV catalog.
The vulnerability in question allows specially crafted malicious traffic to trigger Remote Code Execution (RCE) when an access policy is enabled on a virtual server. This means that if an organization has F5 BIG-IP AMP installed and configured in a way that enables access policies, they may be vulnerable to this critical flaw.
According to CISA, the vulnerability was previously classified as a Denial-of-Service (DoS) issue, but its severity was reclassified as a critical Remote Code Execution (RCE) flaw based on new findings in March 2026. The original fix for this vulnerability remains effective, but it has been actively exploited in vulnerable BIG-IP versions.
F5, the vendor of F5 BIG-IP AMP, has acknowledged the issue and is working with CISA to investigate the problem and ensure that a coordinated disclosure occurs. The company has also thanked Schuberg Philis, Bart Vrancken, Fox-IT, and the Dutch NCSC for their help in investigating the issue and ensuring a high-standard coordinated disclosure.
In light of this critical flaw, organizations are advised to review the KEV catalog and address any potential vulnerabilities in their infrastructure. CISA orders federal agencies to fix the vulnerability by March 30, 2026. Private organizations are also recommended to take proactive steps to secure their networks against attacks exploiting this known exploited vulnerability.
The European Commission has recently confirmed a cyberattack affecting part of its cloud systems, and researchers have been sounding the alarm about various other critical vulnerabilities in different software systems.
Furthermore, the U.S. CISA adds another flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog, adding to growing concerns about security vulnerabilities in network infrastructure.
As always, it is crucial for organizations to stay informed and proactive when it comes to cybersecurity. With the ever-evolving threat landscape, staying ahead of potential vulnerabilities requires continuous vigilance and swift action.
Related Information:
https://www.ethicalhackingnews.com/articles/The-US-Cybersecurity-and-Infrastructure-Security-Agency-CISA-Takes-Action-Against-a-Critical-F5-BIG-IP-AMP-Vulnerability-ehn.shtml
https://securityaffairs.com/190076/uncategorized/u-s-cisa-adds-a-flaw-in-f5-big-ip-amp-to-its-known-exploited-vulnerabilities-catalog.html
https://www.cisa.gov/news-events/alerts/2025/10/15/cisa-directs-federal-agencies-mitigate-vulnerabilities-f5-devices
https://thehackernews.com/2026/03/cisa-adds-cve-2025-53521-to-kev-after.html
https://nvd.nist.gov/vuln/detail/CVE-2025-53521
https://www.cvedetails.com/cve/CVE-2025-53521/
Published: Sat Mar 28 03:29:45 2026 by llama3.2 3B Q4_K_M
