CVE-2025-23415: 
F5 BIG-IP Virtual Edition (tier - best) vulnerability analysis and mitigation

An insufficient verification of data authenticity vulnerability (CVE-2025-23415) was discovered in BIG-IP APM Access Policy endpoint inspection. The vulnerability affects BIG-IP APM browser network access VPN client for Windows, macOS and Linux platforms. This vulnerability was disclosed on February 5, 2025 (NVD).

The vulnerability has been assigned CVSS v4.0 score of 2.3 (LOW) with vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N and CVSS v3.1 score of 3.1 (LOW) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-345 (Insufficient Verification of Data Authenticity) (NVD).

The vulnerability may allow an attacker to bypass endpoint inspection checks for VPN connections initiated through the BIG-IP APM browser network access VPN client. This affects Windows, macOS and Linux platforms (MITRE).

Software versions which have reached End of Technical Support (EoTS) are not evaluated for this vulnerability. Users should refer to F5's security advisory for specific mitigation steps and patch information (F5 Advisory).