F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity.




Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sat, 16 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared F5
F5 access For Android
Google
Google android
Vendors & Products F5
F5 access For Android
Google
Google android

Wed, 13 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 Aug 2025 15:00:00 +0000

Type Values Removed Values Added
Description F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Title F5 Access for Android vulnerability
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-08-13T14:59:48.855Z

Reserved: 2025-07-29T17:12:25.000Z

Link: CVE-2025-54809

cve-icon Vulnrichment

Updated: 2025-08-13T14:59:37.940Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-13T15:15:38.787

Modified: 2025-08-13T17:33:46.673

Link: CVE-2025-54809

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-16T21:41:33Z