CVE-2025-23415
LOWDescription
An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_access_policy_manager |
| apple | macos |
| linux | linux_kernel |
| microsoft | windows |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-23415? +
How severe is CVE-2025-23415? +
What products are affected by CVE-2025-23415? +
How do I check if I'm vulnerable to CVE-2025-23415? +
Related Vulnerabilities
go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed …
Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, …
Kavita is a cross platform reading server. Prior to 0.9.0.2, an Improper Token validation flaw permits a remote and unauthenticated …
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege …
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior …
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in …