CVE-2025-48500

Published: Aug 13, 2025Modified: Oct 21, 2025

7.0

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: f5sirt@f5.com (Secondary)

Description

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected (5)

Products: F5: Big Ip Access Policy Manager, Big Ip Access Policy Manager Client

2 products

Big Ip Access Policy Manager

Big Ip Access Policy Manager Client

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.10.8
F5 Big Ip Access Policy Manager	From 16.1.0 to 16.1.6.1
F5 Big Ip Access Policy Manager	From 17.1.0 to 17.1.3
F5 Big Ip Access Policy Manager	From 17.5.0 to 17.5.1.3
F5 Big Ip Access Policy Manager Client	Version 7.2.5

Running on/with	Platform Versions
Apple Macos	All versions

Related CWEs

CWE-353

Missing Support for Integrity Check

The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

References (1)

https://my.f5.com/manage/s/article/K000151782

Source: f5sirt@f5.com

Vendor Advisory

Timeline

No history available yet.