CVE-2025-48500
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-10-21
Assigner: F5 Networks
Description
Description
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.Β
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| f5 | big-ip_access_policy_manager | From 15.1.0 (inc) to 15.1.10.8 (exc) |
| f5 | big-ip_access_policy_manager | From 16.1.0 (inc) to 16.1.6.1 (exc) |
| f5 | big-ip_access_policy_manager | From 17.1.0 (inc) to 17.1.3 (exc) |
| f5 | big-ip_access_policy_manager | From 17.5.0 (inc) to 17.5.1.3 (exc) |
| f5 | big-ip_access_policy_manager_client | 7.2.5 |
| apple | macos | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-353 | The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing file integrity check in the MacOS F5 VPN browser client installer. It allows a local, authenticated attacker who has access to the local file system to replace the legitimate installer with a malicious package installer.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could install malicious software by replacing the legitimate VPN client installer. This could lead to unauthorized access, data compromise, or further system compromise on the affected MacOS device.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70