Insufficient Data Authenticity Verification in BIG-IP APM by F5 Networks
CVE-2025-23415

2.3LOW

Key Information:

Vendor: F5
Status: Big-ip
Vendor: CVE Published:; 5 February 2025

Summary

A vulnerability in BIG-IP APM allows attackers to exploit insufficient verification of data authenticity during endpoint inspection, potentially enabling unauthorized bypassing of security checks for VPN connections initiated through the browser network access VPN client on Windows, macOS, and Linux operating systems.

Affected Version(s)

BIG-IP 17.1.0 < 17.1.2

BIG-IP 16.1.0 < 16.1.5

BIG-IP 15.1.0

References

https://my.f5.com/manage/s/article/K000139656

vendor-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Jan 22, 2025