CVE-2025-53859 (GCVE-0-2025-53859)
Vulnerability from cvelistv5 – Published: 2025-08-13 14:46 – Updated: 2025-11-04 21:12 – CWE-125 - Out-of-bounds Read
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000152786 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2025/08/13/5 | |
| Vendor | Product | Version | |
|---|---|---|---|
| F5 | NGINX Plus | Unaffected: R35 (custom) Affected: R34 , < R34 P2 (custom) Affected: R33 , < R33 P3 (custom) Affected: R32 , < R32 P3 (custom) Affected: R31 , < * (custom) Affected: R30 , < * (custom) | |
| F5 | NGINX Open Source | Affected: 0.7 , < 1.29.1 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53859",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T15:06:23.895538Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:14:55.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:12:39.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"ngx_mail_smtp_module"
],
"product": "NGINX Plus",
"vendor": "F5",
"versions": [
{
"status": "unaffected",
"version": "R35",
"versionType": "custom"
},
{
"lessThan": "R34 P2",
"status": "affected",
"version": "R34",
"versionType": "custom"
},
{
"lessThan": "R33 P3",
"status": "affected",
"version": "R33",
"versionType": "custom"
},
{
"lessThan": "R32 P3",
"status": "affected",
"version": "R32",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "affected",
"version": "R31",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "affected",
"version": "R30",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"modules": [
"ngx_mail_smtp_module"
],
"product": "NGINX Open Source",
"vendor": "F5",
"versions": [
{
"lessThan": "1.29.1",
"status": "affected",
"version": "0.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "F5 acknowledges the Amazon Web Services Security team for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"datePublic": "2025-08-13T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \"none,\" and (3) the authentication server returns the \"Auth-Wait\" response header.\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \"none,\" and (3) the authentication server returns the \"Auth-Wait\" response header.\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T14:46:55.471Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000152786"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "NGINX ngx_mail_smtp_module vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2025-53859",
"datePublished": "2025-08-13T14:46:55.471Z",
"dateReserved": "2025-07-29T17:12:25.039Z",
"dateUpdated": "2025-11-04T21:12:39.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-53859",
"date": "2026-06-07",
"epss": "0.00034",
"percentile": "0.10339"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-53859\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2025-08-13T15:15:37.657\",\"lastModified\":\"2025-11-04T22:16:27.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \\\"none,\\\" and (3) the authentication server returns the \\\"Auth-Wait\\\" response header.\\n\\n\\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"NGINX Open Source y NGINX Plus presentan una vulnerabilidad en el m\u00f3dulo ngx_mail_smtp_module que podr\u00eda permitir que un atacante no autenticado sobrelea la memoria del proceso de autenticaci\u00f3n SMTP de NGINX. Como resultado, el servidor podr\u00eda filtrar bytes arbitrarios enviados en una solicitud al servidor de autenticaci\u00f3n. Este problema ocurre durante el proceso de autenticaci\u00f3n SMTP de NGINX y requiere que el atacante realice preparativos en el sistema objetivo para extraer los datos filtrados. El problema afecta a NGINX solo si (1) se compila con el m\u00f3dulo ngx_mail_smtp_module, (2) la directiva smtp_auth est\u00e1 configurada con el m\u00e9todo \\\"none\\\" y (3) el servidor de autenticaci\u00f3n devuelve el encabezado de respuesta \\\"Auth-Wait\\\". 
Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackCompl
exity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"96BF2B19-52C7-4051-BA58-CAE6F912B72F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"8248517E-D805-4928-8252-2168472341EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"36C4308E-651E-437C-84E7-10C542E3ADC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA913184-EAAD-409E-99C6-AB979DAA93F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"782DF180-1101-4D6A-A1D7-8DADBAF6D9D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r33:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"514B0A2A-E2FD-4DB7-B5B8-5C59F1D60AD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"46DC49B8-7286-4867-9CDA-1C1B469CD304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"43477C2E-7485-4146-B25C-F58D632CD85B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r34:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"25292797-19EC-446B-BB26-FAC7A280F61D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7453D683-FCA7-46EE-BE49-5FD9A01D7F87\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a
:f5:nginx_open_source:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.7.22\",\"versionEndExcluding\":\"1.29.1\",\"matchCriteriaId\":\"69F418AB-2C97-42AF-9D5F-5F27B7451046\"}]}]}],\"references\":[{\"url\":\"https://my.f5.com/manage/s/article/K000152786\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/08/13/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/08/13/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:12:39.856Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53859\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-13T15:06:23.895538Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-13T15:14:51.817Z\"}}], \"cna\": {\"title\": \"NGINX ngx_mail_smtp_module vulnerability\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"F5 acknowledges the Amazon Web Services Security team for bringing this issue to our attention and following the highest standards of coordinated disclosure.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": 
\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"F5\", \"modules\": [\"ngx_mail_smtp_module\"], \"product\": \"NGINX Plus\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"R35\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R34\", \"lessThan\": \"R34 P2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R33\", \"lessThan\": \"R33 P3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R32\", \"lessThan\": \"R32 P3\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R31\", \"lessThan\": \"*\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"R30\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"F5\", \"modules\": [\"ngx_mail_smtp_module\"], \"product\": \"NGINX Open Source\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.7\", \"lessThan\": \"1.29.1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2025-08-13T14:00:00.000Z\", \"references\": [{\"url\": \"https://my.f5.com/manage/s/article/K000152786\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"F5 SIRTBot v1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP 
authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \\\"none,\\\" and (3) the authentication server returns the \\\"Auth-Wait\\\" response header.\\n\\n\\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \\\"none,\\\" and (3) the authentication server returns the \\\"Auth-Wait\\\" response header.\\n\\n\\n\\n\\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"shortName\": \"f5\", \"dateUpdated\": \"2025-08-13T14:46:55.471Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-53859\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:12:39.856Z\", \"dateReserved\": \"2025-07-29T17:12:25.039Z\", \"assignerOrgId\": \"9dacffd4-cb11-413f-8451-fbbfd4ddc0ab\", \"datePublished\": \"2025-08-13T14:46:55.471Z\", \"assignerShortName\": \"f5\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-53859
Vulnerability from fkie_nvd - Published: 2025-08-13 15:15 - Updated: 2025-11-04 22:16

| Vendor | Product | Version | |
|---|---|---|---|
| f5 | nginx_plus | r30 | |
| f5 | nginx_plus | r31 | |
| f5 | nginx_plus | r32 | |
| f5 | nginx_plus | r32 | |
| f5 | nginx_plus | r32 | |
| f5 | nginx_plus | r33 | |
| f5 | nginx_plus | r33 | |
| f5 | nginx_plus | r33 | |
| f5 | nginx_plus | r34 | |
| f5 | nginx_plus | r34 | |
| f5 | nginx_open_source | * | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
"matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*",
"matchCriteriaId": "8248517E-D805-4928-8252-2168472341EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*",
"matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*",
"matchCriteriaId": "FA913184-EAAD-409E-99C6-AB979DAA93F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*",
"matchCriteriaId": "782DF180-1101-4D6A-A1D7-8DADBAF6D9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r33:-:*:*:*:*:*:*",
"matchCriteriaId": "514B0A2A-E2FD-4DB7-B5B8-5C59F1D60AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*",
"matchCriteriaId": "46DC49B8-7286-4867-9CDA-1C1B469CD304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*",
"matchCriteriaId": "43477C2E-7485-4146-B25C-F58D632CD85B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r34:-:*:*:*:*:*:*",
"matchCriteriaId": "25292797-19EC-446B-BB26-FAC7A280F61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*",
"matchCriteriaId": "7453D683-FCA7-46EE-BE49-5FD9A01D7F87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69F418AB-2C97-42AF-9D5F-5F27B7451046",
"versionEndExcluding": "1.29.1",
"versionStartIncluding": "0.7.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \"none,\" and (3) the authentication server returns the \"Auth-Wait\" response header.\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
},
{
"lang": "es",
"value": "NGINX Open Source y NGINX Plus presentan una vulnerabilidad en el m\u00f3dulo ngx_mail_smtp_module que podr\u00eda permitir que un atacante no autenticado sobrelea la memoria del proceso de autenticaci\u00f3n SMTP de NGINX. Como resultado, el servidor podr\u00eda filtrar bytes arbitrarios enviados en una solicitud al servidor de autenticaci\u00f3n. Este problema ocurre durante el proceso de autenticaci\u00f3n SMTP de NGINX y requiere que el atacante realice preparativos en el sistema objetivo para extraer los datos filtrados. El problema afecta a NGINX solo si (1) se compila con el m\u00f3dulo ngx_mail_smtp_module, (2) la directiva smtp_auth est\u00e1 configurada con el m\u00e9todo \"none\" y (3) el servidor de autenticaci\u00f3n devuelve el encabezado de respuesta \"Auth-Wait\". Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan."
}
],
"id": "CVE-2025-53859",
"lastModified": "2025-11-04T22:16:27.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "f5sirt@f5.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
},
"published": "2025-08-13T15:15:37.657",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://my.f5.com/manage/s/article/K000152786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/5"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "f5sirt@f5.com",
"type": "Secondary"
}
]
}
GHSA-2QMJ-Q2XC-85V8
Vulnerability from github – Published: 2025-08-13 15:30 – Updated: 2025-11-05 00:31

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2025-53859"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-13T15:15:37Z",
"severity": "MODERATE"
},
"details": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \"none,\" and (3) the authentication server returns the \"Auth-Wait\" response header.\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-2qmj-q2xc-85v8",
"modified": "2025-11-05T00:31:24Z",
"published": "2025-08-13T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53859"
},
{
"type": "WEB",
"url": "https://my.f5.com/manage/s/article/K000152786"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
MSRC_CVE-2025-53859
Vulnerability from csaf_microsoft - Published: 2025-08-02 00:00 - Updated: 2025-09-04 00:15

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 20144-17086 | — | | |
| Unresolved product id: 19860-17084 | — | | |
| Unresolved product id: 20401-17086 | — | | |
| Unresolved product id: 20432-17084 | — | | |
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53859 NGINX ngx_mail_smtp_module vulnerability - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-53859.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "NGINX ngx_mail_smtp_module vulnerability",
"tracking": {
"current_release_date": "2025-09-04T00:15:43.000Z",
"generator": {
"date": "2025-10-20T03:41:12.345Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-53859",
"initial_release_date": "2025-08-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-04T00:15:43.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 nginx 1.22.1-13",
"product": {
"name": "\u003ccbl2 nginx 1.22.1-13",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 nginx 1.22.1-13",
"product": {
"name": "cbl2 nginx 1.22.1-13",
"product_id": "20144"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 nginx 1.25.4-4",
"product": {
"name": "\u003cazl3 nginx 1.25.4-4",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 nginx 1.25.4-4",
"product": {
"name": "azl3 nginx 1.25.4-4",
"product_id": "19860"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 nginx 1.22.1-14",
"product": {
"name": "\u003ccbl2 nginx 1.22.1-14",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 nginx 1.22.1-14",
"product": {
"name": "cbl2 nginx 1.22.1-14",
"product_id": "20401"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 nginx 1.25.4-5",
"product": {
"name": "\u003cazl3 nginx 1.25.4-5",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 nginx 1.25.4-5",
"product": {
"name": "azl3 nginx 1.25.4-5",
"product_id": "20432"
}
}
],
"category": "product_name",
"name": "nginx"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 nginx 1.22.1-13 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 nginx 1.22.1-13 as a component of CBL Mariner 2.0",
"product_id": "20144-17086"
},
"product_reference": "20144",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nginx 1.25.4-4 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nginx 1.25.4-4 as a component of Azure Linux 3.0",
"product_id": "19860-17084"
},
"product_reference": "19860",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 nginx 1.22.1-14 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 nginx 1.22.1-14 as a component of CBL Mariner 2.0",
"product_id": "20401-17086"
},
"product_reference": "20401",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 nginx 1.25.4-5 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 nginx 1.25.4-5 as a component of Azure Linux 3.0",
"product_id": "20432-17084"
},
"product_reference": "20432",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53859",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "general",
"text": "f5",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20144-17086",
"19860-17084",
"20401-17086",
"20432-17084"
],
"known_affected": [
"17086-3",
"17084-4",
"17086-2",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53859 NGINX ngx_mail_smtp_module vulnerability - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-53859.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-04T00:15:43.000Z",
"details": "1.22.1-14:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3",
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-04T00:15:43.000Z",
"details": "1.25.4-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-4",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.7,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"17086-3",
"17084-4",
"17086-2",
"17084-1"
]
}
],
"title": "NGINX ngx_mail_smtp_module vulnerability"
}
]
}
OPENSUSE-SU-2025:15450-1
Vulnerability from csaf_opensuse - Published: 2025-08-15 00:00 - Updated: 2025-08-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.29.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.29.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.29.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-1.29.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.29.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.29.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.29.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nginx-source-1.29.1-1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "nginx-1.29.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the nginx-1.29.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15450",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15450-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53859/"
}
],
"title": "nginx-1.29.1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-15T00:00:00Z",
"generator": {
"date": "2025-08-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15450-1",
"initial_release_date": "2025-08-15T00:00:00Z",
"revision_history": [
{
"date": "2025-08-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.29.1-1.1.aarch64",
"product": {
"name": "nginx-1.29.1-1.1.aarch64",
"product_id": "nginx-1.29.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nginx-source-1.29.1-1.1.aarch64",
"product": {
"name": "nginx-source-1.29.1-1.1.aarch64",
"product_id": "nginx-source-1.29.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.29.1-1.1.ppc64le",
"product": {
"name": "nginx-1.29.1-1.1.ppc64le",
"product_id": "nginx-1.29.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nginx-source-1.29.1-1.1.ppc64le",
"product": {
"name": "nginx-source-1.29.1-1.1.ppc64le",
"product_id": "nginx-source-1.29.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.29.1-1.1.s390x",
"product": {
"name": "nginx-1.29.1-1.1.s390x",
"product_id": "nginx-1.29.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nginx-source-1.29.1-1.1.s390x",
"product": {
"name": "nginx-source-1.29.1-1.1.s390x",
"product_id": "nginx-source-1.29.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.29.1-1.1.x86_64",
"product": {
"name": "nginx-1.29.1-1.1.x86_64",
"product_id": "nginx-1.29.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nginx-source-1.29.1-1.1.x86_64",
"product": {
"name": "nginx-source-1.29.1-1.1.x86_64",
"product_id": "nginx-source-1.29.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.29.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.29.1-1.1.aarch64"
},
"product_reference": "nginx-1.29.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.29.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.29.1-1.1.ppc64le"
},
"product_reference": "nginx-1.29.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.29.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.29.1-1.1.s390x"
},
"product_reference": "nginx-1.29.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.29.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-1.29.1-1.1.x86_64"
},
"product_reference": "nginx-1.29.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.29.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.29.1-1.1.aarch64"
},
"product_reference": "nginx-source-1.29.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.29.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.29.1-1.1.ppc64le"
},
"product_reference": "nginx-source-1.29.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.29.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.29.1-1.1.s390x"
},
"product_reference": "nginx-source-1.29.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.29.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nginx-source-1.29.1-1.1.x86_64"
},
"product_reference": "nginx-source-1.29.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53859"
}
],
"notes": [
{
"category": "general",
"text": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \"none,\" and (3) the authentication server returns the \"Auth-Wait\" response header.\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nginx-1.29.1-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53859",
"url": "https://www.suse.com/security/cve/CVE-2025-53859"
},
{
"category": "external",
"summary": "SUSE Bug 1248070 for CVE-2025-53859",
"url": "https://bugzilla.suse.com/1248070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nginx-1.29.1-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nginx-1.29.1-1.1.aarch64",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.s390x",
"openSUSE Tumbleweed:nginx-1.29.1-1.1.x86_64",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.aarch64",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.ppc64le",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.s390x",
"openSUSE Tumbleweed:nginx-source-1.29.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-53859"
}
]
}
RHSA-2026:8346
Vulnerability from csaf_redhat - Published: 2026-04-15 21:09 - Updated: 2026-05-11 14:31

A memory access flaw has been discovered in nginx. The ngx_mail_smtp_module might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory. As a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue occurs during the NGINX SMTP authentication process, requiring the attacker to prepare against the target system to extract the leaked data.
CWE-125 - Out-of-bounds Read

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, an attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of Service (DoS), making the affected NGINX instance unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngx_http_dav_module module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to the termination of the NGINX worker process, resulting in a Denial of Service (DoS), or allow for the modification of source or destination file names outside the intended document root.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in NGINX Open Source, specifically within the ngx_http_mp4_module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resulting in a Denial of Service (DoS). This issue affects 32-bit NGINX Open Source when built with the ngx_http_mp4_module and the mp4 directive is used.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in NGINX Plus and NGINX Open Source, specifically within the ngx_mail_smtp_module. This vulnerability allows an attacker-controlled DNS (Domain Name System) server to inject arbitrary headers into SMTP (Simple Mail Transfer Protocol) upstream requests. This is due to the improper handling of Carriage Return Line Feed (CRLF) sequences in DNS responses. The primary consequence is the potential manipulation of these requests, which could alter their intended behavior.
CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in NGINX, specifically within its `ngx_stream_ssl_module`. When NGINX is configured to verify client certificates and use the Online Certificate Status Protocol (OCSP) for revocation checks, it fails to properly enforce the revocation status. This allows a Transport Layer Security (TLS) handshake to complete successfully, even if the client's certificate has been identified as revoked. Consequently, systems using revoked certificates may still be able to establish connections, potentially leading to unauthorized access or communication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in NGINX's ngx_http_mp4_module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead to process termination, potentially causing a denial-of-service or, under certain conditions, achieving code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nginx-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nginx-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nnginx:\n * nginx-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-all-modules-1.30.0-1.hum1 (noarch)\n * nginx-core-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-filesystem-1.30.0-1.hum1 (noarch)\n * nginx-mod-devel-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-mod-http-geoip-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-mod-http-image-filter-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-mod-http-perl-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-mod-http-xslt-filter-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-mod-mail-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-mod-stream-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-mod-stream-geoip-1.30.0-1.hum1 (aarch64, x86_64)\n * nginx-1.30.0-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8346",
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53859",
"url": "https://access.redhat.com/security/cve/CVE-2025-53859"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27654",
"url": "https://access.redhat.com/security/cve/CVE-2026-27654"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27784",
"url": "https://access.redhat.com/security/cve/CVE-2026-27784"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28755",
"url": "https://access.redhat.com/security/cve/CVE-2026-28755"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28753",
"url": "https://access.redhat.com/security/cve/CVE-2026-28753"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27651",
"url": "https://access.redhat.com/security/cve/CVE-2026-27651"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32647",
"url": "https://access.redhat.com/security/cve/CVE-2026-32647"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1642",
"url": "https://access.redhat.com/security/cve/CVE-2026-1642"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8346.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-05-11T14:31:15+00:00",
"generator": {
"date": "2026-05-11T14:31:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2026:8346",
"initial_release_date": "2026-04-15T21:09:22+00:00",
"revision_history": [
{
"date": "2026-04-15T21:09:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T20:02:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-11T14:31:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-main@aarch64",
"product": {
"name": "nginx-main@aarch64",
"product_id": "nginx-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx@1.30.0-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-main@src",
"product": {
"name": "nginx-main@src",
"product_id": "nginx-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx@1.30.0-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-main@x86_64",
"product": {
"name": "nginx-main@x86_64",
"product_id": "nginx-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx@1.30.0-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-main@noarch",
"product": {
"name": "nginx-main@noarch",
"product_id": "nginx-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nginx-all-modules@1.30.0-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nginx-main@aarch64"
},
"product_reference": "nginx-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nginx-main@noarch"
},
"product_reference": "nginx-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nginx-main@src"
},
"product_reference": "nginx-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nginx-main@x86_64"
},
"product_reference": "nginx-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53859",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-08-13T15:00:48.969058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388238"
}
],
"notes": [
{
"category": "description",
"text": "A memory access flaw has been discovered in nginx. The ngx_mail_smtp_module might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory. As a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue occurs during the NGINX SMTP authentication process, requiring the attacker to prepare against the target system to extract the leaked data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: NGINX ngx_mail_smtp_module vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53859"
},
{
"category": "external",
"summary": "RHBZ#2388238",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388238"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53859",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53859"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000152786",
"url": "https://my.f5.com/manage/s/article/K000152786"
}
],
"release_date": "2025-08-13T14:46:55.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-15T21:09:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nginx: NGINX ngx_mail_smtp_module vulnerability"
},
{
"cve": "CVE-2026-1642",
"cwe": {
"id": "CWE-349",
"name": "Acceptance of Extraneous Untrusted Data With Trusted Data"
},
"discovery_date": "2026-02-04T16:00:52.156255+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436738"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security (TLS) servers, an attacker with a man-in-the-middle (MITM) position on the upstream server side\u2014along with conditions beyond the attacker\u0027s control\u2014may be able to inject plaintext data into the response from an upstream proxied server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1642"
},
{
"category": "external",
"summary": "RHBZ#2436738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436738"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1642"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000159824",
"url": "https://my.f5.com/manage/s/article/K000159824"
}
],
"release_date": "2026-02-04T15:02:06.154000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-15T21:09:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections"
},
{
"cve": "CVE-2026-27651",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-03-24T15:02:32.414082+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of Service (DoS), making the affected NGINX instance unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27651"
},
{
"category": "external",
"summary": "RHBZ#2450791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27651",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27651"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27651",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27651"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000160383",
"url": "https://my.f5.com/manage/s/article/K000160383"
}
],
"release_date": "2026-03-24T14:13:27.295000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-15T21:09:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled"
},
{
"cve": "CVE-2026-27654",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-24T15:01:19.814138+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450776"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngx_http_dav_module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to the termination of the NGINX worker process, resulting in a Denial of Service (DoS), or allow for the modification of source or destination file names outside the intended document root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27654"
},
{
"category": "external",
"summary": "RHBZ#2450776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27654",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27654"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27654",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27654"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000160382",
"url": "https://my.f5.com/manage/s/article/K000160382"
}
],
"release_date": "2026-03-24T14:13:26.879000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-15T21:09:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module"
},
{
"cve": "CVE-2026-27784",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-03-24T15:02:07.092253+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450785"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NGINX Open Source, specifically within the ngx_http_mp4_module. An attacker can exploit this memory corruption vulnerability by providing a specially crafted MP4 file. This can lead to an over-read or over-write of NGINX worker memory, causing the worker to terminate and resulting in a Denial of Service (DoS). This issue affects 32-bit NGINX Open Source when built with the ngx_http_mp4_module and the mp4 directive is used.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27784"
},
{
"category": "external",
"summary": "RHBZ#2450785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27784",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27784"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000160364",
"url": "https://my.f5.com/manage/s/article/K000160364"
}
],
"release_date": "2026-03-24T14:13:25.343000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-15T21:09:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file"
},
{
"cve": "CVE-2026-28753",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-03-24T15:01:42.770880+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450780"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NGINX Plus and NGINX Open Source, specifically within the ngx_mail_smtp_module. This vulnerability allows an attacker-controlled DNS (Domain Name System) server to inject arbitrary headers into SMTP (Simple Mail Transfer Protocol) upstream requests. This is due to the improper handling of Carriage Return Line Feed (CRLF) sequences in DNS responses. The primary consequence is the potential manipulation of these requests, which could alter their intended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28753"
},
{
"category": "external",
"summary": "RHBZ#2450780",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450780"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28753",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28753"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28753",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28753"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000160367",
"url": "https://my.f5.com/manage/s/article/K000160367"
}
],
"release_date": "2026-03-24T14:13:26.107000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-15T21:09:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests"
},
{
"cve": "CVE-2026-28755",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-24T15:01:35.937683+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450779"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NGINX, specifically within its `ngx_stream_ssl_module`. When NGINX is configured to verify client certificates and use the Online Certificate Status Protocol (OCSP) for revocation checks, it fails to properly enforce the revocation status. This allows a Transport Layer Security (TLS) handshake to complete successfully, even if the client\u0027s certificate has been identified as revoked. Consequently, systems using revoked certificates may still be able to establish connections, potentially leading to unauthorized access or communication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "NGINX: NGINX: Certificate revocation bypass when OCSP is enabled",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28755"
},
{
"category": "external",
"summary": "RHBZ#2450779",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450779"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28755"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28755",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28755"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000160368",
"url": "https://my.f5.com/manage/s/article/K000160368"
}
],
"release_date": "2026-03-24T14:13:26.502000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-15T21:09:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "NGINX: NGINX: Certificate revocation bypass when OCSP is enabled"
},
{
"acknowledgments": [
{
"names": [
"Pavel Kohout"
],
"organization": "Aisle Research"
}
],
"cve": "CVE-2026-32647",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-03-20T11:44:34.715000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449598"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in NGINX\u0027s ngx_http_mp4_module. This Out-of-Bounds Read/Write vulnerability occurs due to improper handling of specially crafted MP4 files. A local authenticated attacker, by supplying a malicious MP4 file, can trigger a buffer over-read or overwrite in worker memory. This can lead to process termination, potentially causing a denial-of-service or, under certain conditions, achieving code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT vulnerability in the NGINX ngx_http_mp4_module is due to improper handling of specially crafted MP4 files. A local authenticated attacker could exploit this flaw by providing a malicious MP4 file, leading to a denial of service or potentially arbitrary code execution. Red Hat products utilizing NGINX with the ngx_http_mp4_module enabled are affected if untrusted MP4 files are processed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32647"
},
{
"category": "external",
"summary": "RHBZ#2449598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449598"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32647"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32647",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32647"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000160366",
"url": "https://my.f5.com/manage/s/article/K000160366"
}
],
"release_date": "2026-03-24T18:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-15T21:09:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8346"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the ngx_http_mp4_module in your NGINX configuration if MP4 file processing is not required. This can be done by commenting out or removing the mp4 directive from the NGINX configuration file. After modifying the configuration, a reload or restart of the NGINX service is required for the changes to take effect.\n\nAlternatively, restrict access to the NGINX server to trusted networks and users to prevent the upload and processing of malicious MP4 files.",
"product_ids": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nginx-main@aarch64",
"Red Hat Hardened Images:nginx-main@noarch",
"Red Hat Hardened Images:nginx-main@src",
"Red Hat Hardened Images:nginx-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files"
}
]
}
SUSE-SU-2025:03444-1
Vulnerability from csaf_suse - Published: 2025-10-01 12:42 - Updated: 2025-10-01 12:42
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for nginx",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for nginx fixes the following issues:\n\n- CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process (bsc#1248070).\n- CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 (bsc#1236851).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3444,SUSE-SLE-Module-Server-Applications-15-SP6-2025-3444,SUSE-SLE-Module-Server-Applications-15-SP7-2025-3444,openSUSE-SLE-15.6-2025-3444",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03444-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03444-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503444-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03444-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/041989.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236851",
"url": "https://bugzilla.suse.com/1236851"
},
{
"category": "self",
"summary": "SUSE Bug 1248070",
"url": "https://bugzilla.suse.com/1248070"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-23419 page",
"url": "https://www.suse.com/security/cve/CVE-2025-23419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53859 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53859/"
}
],
"title": "Security update for nginx",
"tracking": {
"current_release_date": "2025-10-01T12:42:59Z",
"generator": {
"date": "2025-10-01T12:42:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03444-1",
"initial_release_date": "2025-10-01T12:42:59Z",
"revision_history": [
{
"date": "2025-10-01T12:42:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.5-150600.10.12.1.aarch64",
"product": {
"name": "nginx-1.21.5-150600.10.12.1.aarch64",
"product_id": "nginx-1.21.5-150600.10.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.5-150600.10.12.1.i586",
"product": {
"name": "nginx-1.21.5-150600.10.12.1.i586",
"product_id": "nginx-1.21.5-150600.10.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-source-1.21.5-150600.10.12.1.noarch",
"product": {
"name": "nginx-source-1.21.5-150600.10.12.1.noarch",
"product_id": "nginx-source-1.21.5-150600.10.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.5-150600.10.12.1.ppc64le",
"product": {
"name": "nginx-1.21.5-150600.10.12.1.ppc64le",
"product_id": "nginx-1.21.5-150600.10.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.5-150600.10.12.1.s390x",
"product": {
"name": "nginx-1.21.5-150600.10.12.1.s390x",
"product_id": "nginx-1.21.5-150600.10.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nginx-1.21.5-150600.10.12.1.x86_64",
"product": {
"name": "nginx-1.21.5-150600.10.12.1.x86_64",
"product_id": "nginx-1.21.5-150600.10.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.21.5-150600.10.12.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch"
},
"product_reference": "nginx-source-1.21.5-150600.10.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.21.5-150600.10.12.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch"
},
"product_reference": "nginx-source-1.21.5-150600.10.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-1.21.5-150600.10.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64"
},
"product_reference": "nginx-1.21.5-150600.10.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nginx-source-1.21.5-150600.10.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch"
},
"product_reference": "nginx-source-1.21.5-150600.10.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-23419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-23419"
}
],
"notes": [
{
"category": "general",
"text": "When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64",
"openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-23419",
"url": "https://www.suse.com/security/cve/CVE-2025-23419"
},
{
"category": "external",
"summary": "SUSE Bug 1236851 for CVE-2025-23419",
"url": "https://bugzilla.suse.com/1236851"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64",
"openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64",
"openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-01T12:42:59Z",
"details": "moderate"
}
],
"title": "CVE-2025-23419"
},
{
"cve": "CVE-2025-53859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53859"
}
],
"notes": [
{
"category": "general",
"text": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \"none,\" and (3) the authentication server returns the \"Auth-Wait\" response header.\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64",
"openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53859",
"url": "https://www.suse.com/security/cve/CVE-2025-53859"
},
{
"category": "external",
"summary": "SUSE Bug 1248070 for CVE-2025-53859",
"url": "https://bugzilla.suse.com/1248070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64",
"openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP6:nginx-source-1.21.5-150600.10.12.1.noarch",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-1.21.5-150600.10.12.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP7:nginx-source-1.21.5-150600.10.12.1.noarch",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.aarch64",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.ppc64le",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.s390x",
"openSUSE Leap 15.6:nginx-1.21.5-150600.10.12.1.x86_64",
"openSUSE Leap 15.6:nginx-source-1.21.5-150600.10.12.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-01T12:42:59Z",
"details": "low"
}
],
"title": "CVE-2025-53859"
}
]
}
WID-SEC-W-2025-1817
Vulnerability from csaf_certbund - Published: 2025-08-13 22:00 - Updated: 2025-10-01 22:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
NGINX NGINX 0.7 <1.29.1
NGINX / NGINX
|
0.7 <1.29.1 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
NGINX NGINX Plus R33 <R33 P3
NGINX / NGINX Plus
|
R33 <R33 P3 | ||
|
NGINX NGINX Plus R32 <R32 P3
NGINX / NGINX Plus
|
R32 <R32 P3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
NGINX NGINX Plus R30
NGINX / NGINX Plus
|
cpe:/a:nginx:nginx_plus:r30
|
R30 | |
|
NGINX NGINX Plus R31
NGINX / NGINX Plus
|
cpe:/a:nginx:nginx_plus:r31
|
R31 | |
|
NGINX NGINX Plus R34 <R34 P2
NGINX / NGINX Plus
|
R34 <R34 P2 |
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "NGINX ist eine Webserver-, Reverse Proxy- und E-Mail-Proxy Software.\r\nNGINX Plus ist die kommerzielle Variante von NGINX, einer Webserver-, Reverse Proxy- und E-Mail Proxy Software.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in NGINX und NGINX NGINX Plus ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1817 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1817.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1817 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1817"
},
{
"category": "external",
"summary": "F5 Security Advisory K000152786 vom 2025-08-13",
"url": "https://my.f5.com/manage/s/article/K000152786"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2388238 vom 2025-08-13",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388238"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15450-1 vom 2025-08-16",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XOJA3M7XBK43KBYHINPYOYFJRABKA6XN/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2NGINX1-2025-009 vom 2025-08-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2NGINX1-2025-009.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7715-1 vom 2025-08-25",
"url": "https://ubuntu.com/security/notices/USN-7715-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03089-1 vom 2025-09-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022395.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03243-1 vom 2025-09-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-September/022554.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03444-1 vom 2025-10-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6JIB47EAYRUZ4F35CJEO6OJ2ZG4MJDRC/"
}
],
"source_lang": "en-US",
"title": "NGINX: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2025-10-01T22:00:00.000+00:00",
"generator": {
"date": "2025-10-02T08:18:56.262+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1817",
"initial_release_date": "2025-08-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2025-08-19T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2025-08-25T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-09-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-17T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-10-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "0.7 \u003c1.29.1",
"product": {
"name": "NGINX NGINX 0.7 \u003c1.29.1",
"product_id": "T046195"
}
},
{
"category": "product_version",
"name": "0.7 1.29.1",
"product": {
"name": "NGINX NGINX 0.7 1.29.1",
"product_id": "T046195-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx:1.29.1"
}
}
}
],
"category": "product_name",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_version",
"name": "R30",
"product": {
"name": "NGINX NGINX Plus R30",
"product_id": "T046196",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r30"
}
}
},
{
"category": "product_version",
"name": "R31",
"product": {
"name": "NGINX NGINX Plus R31",
"product_id": "T046197",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r31"
}
}
},
{
"category": "product_version_range",
"name": "R33 \u003cR33 P3",
"product": {
"name": "NGINX NGINX Plus R33 \u003cR33 P3",
"product_id": "T046198"
}
},
{
"category": "product_version",
"name": "R33 R33 P3",
"product": {
"name": "NGINX NGINX Plus R33 R33 P3",
"product_id": "T046198-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r33_p3"
}
}
},
{
"category": "product_version_range",
"name": "R32 \u003cR32 P3",
"product": {
"name": "NGINX NGINX Plus R32 \u003cR32 P3",
"product_id": "T046199"
}
},
{
"category": "product_version",
"name": "R32 R32 P3",
"product": {
"name": "NGINX NGINX Plus R32 R32 P3",
"product_id": "T046199-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r32_p3"
}
}
},
{
"category": "product_version_range",
"name": "R34 \u003cR34 P2",
"product": {
"name": "NGINX NGINX Plus R34 \u003cR34 P2",
"product_id": "T046200"
}
},
{
"category": "product_version",
"name": "R34 R34 P2",
"product": {
"name": "NGINX NGINX Plus R34 R34 P2",
"product_id": "T046200-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:nginx:nginx_plus:r34_p2"
}
}
}
],
"category": "product_name",
"name": "NGINX Plus"
}
],
"category": "vendor",
"name": "NGINX"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-53859",
"product_status": {
"known_affected": [
"T002207",
"T046195",
"T000126",
"T027843",
"T046198",
"T046199",
"398363",
"T046196",
"T046197",
"T046200"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-53859"
}
]
}