CVE-2025-48500

HIGH7.0

Description

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS breakdown

CVSS 4.0

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

Passive

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

F5 / BIG-IP17.5.0 – *
F5 / BIG-IP17.1.0 – *
F5 / BIG-IP16.1.0 – *
F5 / BIG-IP15.1.0 – *
F5 / BIG-IP Edge Client7.2.4 – 7.2.5.3

References

MISChttps://my.f5.com/manage/s/article/K000151782