CVE-2025-61933 - F5 Big-ip Access Policy Manager

Moderate 6.1

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Affected software

F5 Big-ip Access Policy Manager

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.