CISA KEV patch directive for CVE-2025-53521
Advisory/Mitigation
Summary
Hide ▲
Show ▼
CISA added CVE-2025-53521 to its KEV catalog and told federal agencies to patch the F5 BIG-IP flaw within three days. The directive is urgent because the bug is being exploited in the wild and can enable unauthenticated remote code execution. F5 says the issue affects BIG-IP APM deployments with an access policy configured on a virtual server, and fixed releases are available.
Cases
Related Happenings
F5 security patch release for CVE-2026-42530
Security Patch Release
H score39
First: 18.06.2026 20:32
Last: 18.06.2026 20:32
Sources 1
About this happening:
**F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
F5 security patch release for CVE-2026-42530
Security Patch ReleaseAbout this happening: **F5** released security updates for **NGINX Open Source** after finding **two critical vulnerabilities** that could lead to **remote code execution** on affected systems. The pat...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/Mitigation
H score38
First: 16.06.2026 08:41
Last: 16.06.2026 08:41
Sources 1
About this happening:
CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
CISA KEV mitigation for LiteSpeed cPanel Plugin (CVE-2026-54420)
Advisory/MitigationAbout this happening: CISA put **CVE-2026-54420** in **LiteSpeed cPanel Plugin** on the **KEV catalog**, ordering **FCEB agencies** to apply fixes by **June 18, 2026**. The flaw is a **CVSS 8.5 privile...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
H score41
First: 18.05.2026 10:18
Last: 18.05.2026 10:18
Sources 1
About this happening:
A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
VulnerabilityAbout this happening: A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Burst Statistics authentication bypass (CVE-2026-8181)
Vulnerability
H score78
First: 15.05.2026 00:07
Last: 15.05.2026 00:07
Sources 1
About this happening:
**Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...
Burst Statistics authentication bypass (CVE-2026-8181)
VulnerabilityAbout this happening: **Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...
PraisonAI missing-authentication flaw actively probed (CVE-2026-44338)
Vulnerability
H score27
First: 14.05.2026 14:40
Last: 14.05.2026 14:40
Sources 1
About this happening:
Within **hours of disclosure**, **PraisonAI CVE-2026-44338** was being **probed on internet-exposed instances**, creating **unauthenticated access** risk for the legacy Flask API...
PraisonAI missing-authentication flaw actively probed (CVE-2026-44338)
VulnerabilityAbout this happening: Within **hours of disclosure**, **PraisonAI CVE-2026-44338** was being **probed on internet-exposed instances**, creating **unauthenticated access** risk for the legacy Flask API...
Timeline
-
30.03.2026 10:07 2 articles · 3mo ago
CISA adds CVE-2025-53521 to KEV and orders rapid patching
Legal Policy Action UpdateCISA added CVE-2025-53521 to the Known Exploited Vulnerabilities catalog and told federal agencies to patch vulnerable F5 BIG-IP systems within three days after confirming exploitation in the wild. F5 said the flaw affects BIG-IP APM deployments with an access policy configured on a virtual server, can permit unauthenticated remote code execution, and published indicators of compromise including rogue files, hash and timestamp mismatches, and suspicious HTTP/S activity.
Show sources
- F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild — www.securityweek.com — 30.03.2026 10:07
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks — www.bleepingcomputer.com — 02.04.2026 11:25