CVE-2025-54809

Summary

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected Software

VendorProductVersion RangeStatus
F5F5 Access3.1.0 < 3.1.2affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References