FKIE_CVE-2025-53859

Vulnerability from fkie_nvd - Published: 2025-08-13 15:15 - Updated: 2025-11-04 22:16
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
f5sirt@f5.comhttps://my.f5.com/manage/s/article/K000152786Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2025/08/13/5
Impacted products
Vendor Product Version
f5 nginx_plus r30
f5 nginx_plus r31
f5 nginx_plus r32
f5 nginx_plus r32
f5 nginx_plus r32
f5 nginx_plus r33
f5 nginx_plus r33
f5 nginx_plus r33
f5 nginx_plus r34
f5 nginx_plus r34
f5 nginx_open_source *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:*",
              "matchCriteriaId": "96BF2B19-52C7-4051-BA58-CAE6F912B72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:*",
              "matchCriteriaId": "8248517E-D805-4928-8252-2168472341EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:*",
              "matchCriteriaId": "36C4308E-651E-437C-84E7-10C542E3ADC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:*",
              "matchCriteriaId": "FA913184-EAAD-409E-99C6-AB979DAA93F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:*",
              "matchCriteriaId": "782DF180-1101-4D6A-A1D7-8DADBAF6D9D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r33:-:*:*:*:*:*:*",
              "matchCriteriaId": "514B0A2A-E2FD-4DB7-B5B8-5C59F1D60AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:*",
              "matchCriteriaId": "46DC49B8-7286-4867-9CDA-1C1B469CD304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:*",
              "matchCriteriaId": "43477C2E-7485-4146-B25C-F58D632CD85B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r34:-:*:*:*:*:*:*",
              "matchCriteriaId": "25292797-19EC-446B-BB26-FAC7A280F61D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:*",
              "matchCriteriaId": "7453D683-FCA7-46EE-BE49-5FD9A01D7F87",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F418AB-2C97-42AF-9D5F-5F27B7451046",
              "versionEndExcluding": "1.29.1",
              "versionStartIncluding": "0.7.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method \"none,\" and (3) the authentication server returns the \"Auth-Wait\" response header.\n\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
    },
    {
      "lang": "es",
      "value": "NGINX Open Source y NGINX Plus presentan una vulnerabilidad en el m\u00f3dulo ngx_mail_smtp_module que podr\u00eda permitir que un atacante no autenticado sobrelea la memoria del proceso de autenticaci\u00f3n SMTP de NGINX. Como resultado, el servidor podr\u00eda filtrar bytes arbitrarios enviados en una solicitud al servidor de autenticaci\u00f3n. Este problema ocurre durante el proceso de autenticaci\u00f3n SMTP de NGINX y requiere que el atacante realice preparativos en el sistema objetivo para extraer los datos filtrados. El problema afecta a NGINX solo si (1) se compila con el m\u00f3dulo ngx_mail_smtp_module, (2) la directiva smtp_auth est\u00e1 configurada con el m\u00e9todo \"none\" y (3) el servidor de autenticaci\u00f3n devuelve el encabezado de respuesta \"Auth-Wait\". Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan."
    }
  ],
  "id": "CVE-2025-53859",
  "lastModified": "2025-11-04T22:16:27.033",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 1.4,
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "f5sirt@f5.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-13T15:15:37.657",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://my.f5.com/manage/s/article/K000152786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2025/08/13/5"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "f5sirt@f5.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.