Skip to main content

macOS CVE-2025-48500

HIGH
Missing Support for Integrity Check (CWE-353)
2025-08-13 f5sirt@f5.com
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:06 vuln.today
CVE Published
Aug 13, 2025 - 15:15 nvd
HIGH 7.0

DescriptionCVE.org

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

AnalysisAI

A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-353. A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated attacker with access to the local file system to replace it with a malicious package installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Affected products include: F5 Big-Ip Access Policy Manager, F5 Big-Ip Access Policy Manager Client.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in macOS

View all
CVE-2025-34089 CRITICAL POC
9.3 Jul 03

An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility develope

CVE-2026-20700 HIGH POC
7.8 Feb 11

Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2025-34192 CRITICAL POC
9.3 Sep 19

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to

CVE-2025-52841 HIGH POC
8.8 Jul 02

Cross-Site Request Forgery (CSRF) vulnerability in Laundry on Linux, MacOS allows to perform an Account Takeover. This i

CVE-2025-34188 HIGH POC
8.4 Sep 19

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330

CVE-2025-1079 HIGH POC
7.8 May 12

Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature. Rated high

CVE-2025-65843 HIGH POC
7.7 Dec 03

Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generati

CVE-2026-28403 HIGH POC
7.6 Mar 02

Textream prior to version 1.5.1 fails to validate the Origin header during WebSocket handshake, allowing malicious websi

CVE-2025-7007 HIGH POC
7.5 Dec 01

NULL Pointer Dereference vulnerability in Avast Antivirus on MacOS, Avast Anitvirus on Linux when scanning a malformed W

CVE-2025-59489 HIGH POC
7.4 Oct 03

CVE-2025-59489 is a security vulnerability (CVSS 7.4) that allows argument injection that can result. Risk factors: publ

CVE-2025-5199 HIGH POC
7.3 Jul 12

CVE-2025-5199 is a local privilege escalation vulnerability in Canonical Multipass up to version 1.15.1 on macOS, where

Share

CVE-2025-48500 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy