SB2025020742 - Inclusion of sensitive information into log files in BIG-IP Next Central Manager
Published: February 7, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-23413)
CWE-ID: CWE-532 - Information Exposure Through Log Files
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into the pgaudit log files when users log in through the webUI or API using local authentication. A local user can read the log files and gain access to sensitive data.
Remediation
Install update from vendor's website.