Vulnerability Description
An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN client for Windows, macOS and Linux. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Access Policy Manager | >= 15.1.0, < 15.1.10.6.0.11.6 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://my.f5.com/manage/s/article/K000139656Vendor Advisory
FAQ
What is CVE-2025-23415?
CVE-2025-23415 is a vulnerability with a CVSS score of 3.1 (LOW). An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connectio...
How severe is CVE-2025-23415?
CVE-2025-23415 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-23415?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Access Policy Manager, Apple Macos, Linux Linux Kernel, Microsoft Windows.