CVE-2025-48500

Summary

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Software

VendorProductVersion RangeStatus
F5BIG-IP Edge Client7.2.4 < 7.2.5.3affected
F5BIG-IP17.5.0 < *affected
F5BIG-IP17.1.0 < *affected
F5BIG-IP16.1.0 < *affected
F5BIG-IP15.1.0 < *affected

Weaknesses

  • CWE-353: CWE-353: Missing Support for Integrity Check

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References