CVE-2025-48500
HIGHDescription
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Is your site exposed to CVE-2025-48500?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_access_policy_manager |
| f5 | big-ip_access_policy_manager_client |
| apple | macos |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-48500? +
How severe is CVE-2025-48500? +
What products are affected by CVE-2025-48500? +
How do I check if I'm vulnerable to CVE-2025-48500? +
Related Vulnerabilities
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and …
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity …
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and …
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially …
pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants …
OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin …