Sensitive Information Exposure in F5 BIG-IP Next Central Manager
CVE-2025-23413

6.7MEDIUM

Key Information:

Vendor: F5
Status: Big-ip Next Central Manager
Vendor: CVE Published:; 5 February 2025

What is CVE-2025-23413?

BIG-IP Next Central Manager may inadvertently log sensitive user authentication information into the pgaudit log files during login via the webUI or API. This information can potentially be accessed by unauthorized individuals, posing a risk to data confidentiality and user security. Proper configuration and regular audits of log files are essential to mitigate the potential exposure of sensitive information.

Affected Version(s)

BIG-IP Next Central Manager 20.1.0 < 20.3.0

References

https://my.f5.com/manage/s/article/K000149185

vendor-advisory

CVSS V4

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Jan 22, 2025

F5

What is CVE-2025-23413?

Affected Version(s)

References

CVSS V4

Timeline

Credit