CVE-2025-53859

EUVD-2025-24579

13.08.2025, 15:15

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.




Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
f5	CNA	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
f5	nginx_open_source	0.7.22 ≤ 𝑥 < 1.29.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

nginx

bookworm	1.22.1-9+deb12u3 fixed
bookworm (security)	1.22.1-9+deb12u4 fixed
bullseye	postponed
bullseye (security)	vulnerable
forky	1.28.1-3 fixed
sid	1.28.2-2 fixed
trixie	1.26.3-3+deb13u1 fixed
trixie (security)	1.26.3-3+deb13u2 fixed

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://my.f5.com/manage/s/article/K000152786

http://www.openwall.com/lists/oss-security/2025/08/13/5