A vulnerability exists in the BIG‑IP Edge Client and browser VPN clients on Windows that enables attackers to read confidential data. The weakness is a failure to properly restrict access to sensitive information, which can expose credentials, configuration data, or other protected information. The issue falls under the security weakness type of Information Exposure (CWE‑200).

The affected products are F5 BIG‑IP Edge Client and associated browser VPN client components for Windows. Versions are not explicitly enumerated in the advisory but the advisory references the broader product family, so any installation of the Edge Client or the browser VPN client running on Windows could be impacted. Organizations using the F5 BIG‑IP Access Policy Manager platform, particularly versions noted in the included CPE list, should verify whether these components are deployed.

The CVSS score of 2 indicates a low severity assessment. Exploit probability remains very low with an EPSS score less than 1%, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Because the flaw resides in client‑side software that runs on Windows machines, the likely attack vector is local exploitation on a compromised machine or remote exploitation by an attacker who can coerce a user to run the vulnerable client. No public exploit code is reported, so the risk is primarily due to inadvertent data exposure rather than active exploitation by threat actors.