CVE-2025-48500

CWE-3534 documents4 sources

Severity

7.0HIGH

EPSS

0.0%

top 98.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip F5 Big-ip Edge Client F5 Big-ip Access Policy Manager +1 more

Timeline

PublishedAug 13

Description

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

▶NVDf5/big-ip_access_policy_manager_client7.2.5

▶CVEListV5f5/big-ip_edge_client7.2.4 — 7.2.5.3

▶NVDf5/big-ip_access_policy_manager15.1.0 — 15.1.10.8+3

▶CVEListV5f5/big-ip17.5.0 — *+3

🔴Vulnerability Details

CVEList

BIG-IP APM VPN web client for macOS vulnerability↗2025-08-13

▶

GHSA

GHSA-562w-w6qf-mvxf: A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with acces↗2025-08-13

▶

📋Vendor Advisories

CVE-2025-48500: A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, ...↗2025-08-13

▶