PT-2025-33004 · Nginx+6 · Nginx Open Source+8
Published
2025-07-29
·
Updated
2026-06-03
·
CVE-2025-53859
CVSS v4.0
6.3
Medium
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
NGINX versions prior to 1.28.1
NGINX versions prior to 1.29.1
Description
NGINX Open Source and NGINX Plus are affected by a vulnerability in the
ngx mail smtp module. This flaw could allow an unauthenticated attacker to read data from NGINX SMTP authentication process memory, potentially leaking arbitrary bytes sent in a request to the authentication server. The issue occurs during the SMTP authentication process and requires the attacker to prepare the target system to extract the leaked data. The vulnerability is present when the ngx mail smtp module is built with NGINX, the smtp auth directive is configured with the method "none", and the authentication server returns the "Auth-Wait" response header.Recommendations
Update NGINX to version 1.28.1 or later.
Update NGINX to version 1.29.1 or later.
Fix
RCE
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Linuxmint
Nginx Open Source
Nginx Plus
Nginx
Red Os
Suse
Ubuntu