Main Vulnerability Database Vulnerabilities #VU103725

Inclusion of Sensitive Information in Log Files in BIG-IP Next Central Manager - CVE-2025-23413

Published: February 7, 2025

Vulnerability identifier: #VU103725

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-23413

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: F5 Networks

Affected software:
BIG-IP Next Central Manager

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into the pgaudit log files when users log in through the webUI or API using local authentication. A local user can read the log files and gain access to sensitive data.

How to mitigate CVE-2025-23413

Install updates from vendor's website.

Sources

https://my.f5.com/manage/s/article/K000149185

Inclusion of Sensitive Information in Log Files in BIG-IP Next Central Manager - CVE-2025-23413

Detailed vulnerability description

How to mitigate CVE-2025-23413

Sources

Please verify you're human