CISA KEV patch directive for CVE-2025-53521
Advisory/Mitigation
Summary
CISA added CVE-2025-53521 to its KEV catalog and told federal agencies to patch the F5 BIG-IP flaw within three days. The directive is urgent because the bug is being exploited in the wild and can enable unauthenticated remote code execution. F5 says the issue affects BIG-IP APM deployments with an access policy configured on a virtual server, and fixed releases are available.
Related Happenings
Linux kernel rxgk local DirtyDecrypt/DirtyCBC privilege-escalation flaw (CVE-2026-31635)
Vulnerability
First: 18.05.2026 10:18
Last: 18.05.2026 10:18
Sources 1
About this happening:
A **proof-of-concept exploit** has been released for **DirtyDecrypt/DirtyCBC** (**CVE-2026-31635**), a **recently patched Linux kernel** flaw in **rxgk_decrypt_skb()** that can en...
Burst Statistics authentication bypass (CVE-2026-8181)
Vulnerability
First: 15.05.2026 00:07
Last: 15.05.2026 00:07
Sources 1
About this happening:
**Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...
PraisonAI missing-authentication flaw actively probed (CVE-2026-44338)
Vulnerability
First: 14.05.2026 14:40
Last: 14.05.2026 14:40
Sources 1
About this happening:
Within **hours of disclosure**, **PraisonAI CVE-2026-44338** was being **probed on internet-exposed instances**, creating **unauthenticated access** risk for the legacy Flask API...
F5 security patch release for CVE-2026-42945
Security Patch Release
First: 14.05.2026 09:00
Last: 14.05.2026 09:00
Sources 1
About this happening:
F5 released **security fixes** for **NGINX Plus** and **NGINX Open Source** after disclosing **multiple vulnerabilities**, including **CVE-2026-42945**. The patch release covers i...
Latest development: 17.05.2026 14:57
VulnCheck reported active exploitation of CVE-2026-42945 against NGINX Plus and NGINX Open Source: its honeypot networks observed weaponized, crafted HTTP requests that crash worker processes and, on hosts where ASLR is disabled, can lead to remote code execution.
NGINX Plus and NGINX Open Source ngx_http_rewrite_module heap buffer overflow remote code execution flaw (CVE-2026-42945)
Vulnerability
First: 14.05.2026 09:00
Last: 14.05.2026 09:00
Sources 1
About this happening:
**CVE-2026-42945** exposes a **heap buffer overflow** in **NGINX Plus** and **NGINX Open Source** through **ngx_http_rewrite_module**, creating risk of **unauthenticated remote co...
Timeline
30.03.2026 10:07 2 articles · 1mo ago
CISA adds CVE-2025-53521 to KEV and orders rapid patching
Legal Policy Action Update
CISA added CVE-2025-53521 to the Known Exploited Vulnerabilities catalog and told federal agencies to patch vulnerable F5 BIG-IP systems within three days after confirming exploitation in the wild. F5 said the flaw affects BIG-IP APM deployments with an access policy configured on a virtual server, can permit unauthenticated remote code execution, and published indicators of compromise including rogue files, hash and timestamp mismatches, and suspicious HTTP/S activity.
Sources
- F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild — www.securityweek.com — 30.03.2026 10:07
- Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks — www.bleepingcomputer.com — 02.04.2026 11:25
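The indicators F5 describes above (rogue files, hash and timestamp mismatches) are the kind of thing a responder checks by comparing a host's files against a known-good manifest. The script below is an added, generic illustration of that triage and is not F5's own IoC tooling or check procedure: the manifest format (relative path to SHA-256), the baseline-time rule and the sample file tree are all assumptions, and the tree is constructed in a temporary directory so the example runs offline.

```python
"""Generic file-integrity triage: hash mismatches, post-baseline
modification times, and rogue files not present in a known-good manifest.

Added illustration, not an F5-provided tool. The manifest layout
({relative_path: sha256_hex}), the baseline-time rule and the sample tree
are assumptions made for this example.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries are not read at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_tree(root: Path, manifest: dict, baseline_mtime: float) -> dict:
    """Compare every file under root against a known-good manifest.

    Returns a dict with four lists of relative paths:
      hash_mismatch        content differs from the manifest hash
      newer_than_baseline  mtime is later than the last-known-good time
      rogue                present on disk but absent from the manifest
      missing              in the manifest but absent from disk
    """
    findings = {"hash_mismatch": [], "newer_than_baseline": [], "rogue": []}
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:
            findings["rogue"].append(rel)
            continue
        if sha256_of(p) != manifest[rel]:
            findings["hash_mismatch"].append(rel)
        if p.stat().st_mtime > baseline_mtime:
            findings["newer_than_baseline"].append(rel)
    findings["missing"] = sorted(set(manifest) - seen)
    return findings


def build_sample() -> tuple:
    """Construct a sample tree (assumed layout, not real BIG-IP paths):
    one intact file, one file tampered after the baseline, one rogue file."""
    root = Path(tempfile.mkdtemp(prefix="integrity-demo-"))
    (root / "bin").mkdir()
    intact = root / "bin" / "service"
    tampered = root / "bin" / "helper"
    intact.write_bytes(b"#!/bin/sh\necho ok\n")
    tampered.write_bytes(b"#!/bin/sh\necho ok\n")
    # Manifest is taken while both files are still clean.
    manifest = {"bin/service": sha256_of(intact), "bin/helper": sha256_of(tampered)}
    # Baseline is set in the past so a fresh write is unambiguously "newer"
    # even on filesystems with coarse mtime resolution.
    baseline = time.time() - 60
    old = baseline - 86400
    os.utime(intact, (old, old))
    os.utime(tampered, (old, old))
    # Simulate post-baseline tampering: content and mtime both change.
    tampered.write_bytes(b"#!/bin/sh\necho ok\n/tmp/.x >/dev/null 2>&1\n")
    # Simulate a dropped file that the manifest never knew about.
    (root / "bin" / "dropped").write_bytes(b"rogue payload")
    return root, manifest, baseline


if __name__ == "__main__":
    root, manifest, baseline = build_sample()
    for kind, paths in check_tree(root, manifest, baseline).items():
        print(f"{kind}: {paths}")
```

In practice the manifest comes from a trusted source (a clean install of the same release, or the vendor's published hash list), not from the host under investigation; a timestamp that is older than the baseline is not evidence of innocence either, since an attacker with root can reset mtimes, which is why the hash comparison is the primary signal and the timestamp check is only a cheap first filter.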