File Integrity Check Vulnerability in F5 VPN for MacOS
CVE-2025-48500

7HIGH

Key Information:

Vendor: F5
Status: Big-ip Edge Client; Big-ip
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-48500?

A vulnerability in the F5 VPN browser client installer for MacOS allows a local, authenticated attacker to exploit the absence of a file integrity check. This flaw enables the attacker, who has access to the local file system, to substitute the legitimate installer with a malicious package. Users must ensure their systems are protected against unauthorized file modifications to mitigate this risk.

Affected Version(s)

BIG-IP 17.5.0

BIG-IP 17.1.0

BIG-IP 16.1.0

References

https://my.f5.com/manage/s/article/K000151782

vendor-advisory

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Jul 29, 2025

Credit

F5 acknowledges Adwiteeya Agrawal of Snapchat, Inc for bringing this issue to our attention and following the highest standards of coordinated disclosure.