Identity Verification Bypass in F5 Access for Android by F5 Networks
CVE-2025-54809

8.8HIGH

Key Information:

Vendor: F5
Status: F5 Access
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-54809?

F5 Access for Android prior to version 3.1.2 is vulnerable to an identity verification bypass. The application, which utilizes HTTPS, fails to properly verify the identity of the remote endpoint, posing a significant risk of man-in-the-middle attacks. This could allow malicious actors to impersonate legitimate servers, intercept sensitive information, and compromise user data integrity. Users are strongly advised to upgrade to the latest version to mitigate this risk.

Affected Version(s)

F5 Access Android 3.1.0 < 3.1.2

References

https://my.f5.com/manage/s/article/K000152049

vendor-advisory

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Jul 29, 2025

F5

What is CVE-2025-54809?

Affected Version(s)

References

CVSS V4

Timeline

Credit