PT-2025-33862 · Unknown · Nginx-Defender

Anipaleja · Published 2025-08-19 · Updated 2025-08-29 · CVE-2025-55740

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: nginx-defender versions prior to 1.5.0
Description: nginx-defender deployments are exposed to a configuration issue: the example configuration files config.yaml and docker-compose.yml ship with default credentials, namely default_password: "change_me_please" and GF_SECURITY_ADMIN_PASSWORD=admin123. If these defaults are not changed during deployment, attackers with network access could gain administrative control, potentially bypassing security protections.
Recommendations: Update to version 1.5.0 or later. Change the default credentials in config.yaml and docker-compose.yml immediately. Specifically, update default_password and GF_SECURITY_ADMIN_PASSWORD.
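
A deployment check for the recommendation above, as an added example that is not part of the advisory or of the nginx-defender project: it scans configuration text for the two defaults the advisory names (written here as default_password and GF_SECURITY_ADMIN_PASSWORD) and reports the file and line. The function names, the script name check_defaults.py and the sample input are assumptions made for illustration, and the handling of a Compose `${VAR:-fallback}` default goes beyond the literal strings in the advisory.

```python
import re
import sys
from pathlib import Path

# Default values named in the advisory, keyed by the setting that carries them.
KNOWN_DEFAULTS = {
    "default_password": "change_me_please",
    "GF_SECURITY_ADMIN_PASSWORD": "admin123",
}
# "key: value", "key=value" and the compose list forms "- key=value" / '- "key=value"'.
SETTING = re.compile(r"""^\s*(?:-\s+)?["']?(?P<key>[A-Za-z_]\w*)["']?\s*[:=](?P<raw>.*)$""")

def _value(raw):
    """Reduce the text after the separator to the effective value."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):                      # quoted scalar
        end = raw.find(raw[0], 1)
        val = raw[1:end] if end != -1 else raw[1:]
    else:                                          # bare scalar, drop trailing comment
        val = re.split(r"\s+#", raw, maxsplit=1)[0].strip().rstrip("\"'")
    # Compose interpolation ${VAR:-fallback}: an unset VAR still yields the fallback.
    sub = re.fullmatch(r"\$\{\w+:?-(.*)\}", val)
    return sub[1] if sub else val

def scan_text(text, source="<text>"):
    """Return (source, line number, key) for every setting still at its default."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                               # commented-out settings are inert
        m = SETTING.match(line)
        if m and KNOWN_DEFAULTS.get(m["key"]) == _value(m["raw"]):
            findings.append((source, lineno, m["key"]))
    return findings

# Constructed sample input (not copied from the project's files).
SAMPLE_CONFIG = 'auth:\n  default_password: "change_me_please"  # TODO\n'
SAMPLE_COMPOSE = (
    "services:\n  grafana:\n    environment:\n"
    "      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_PW:-admin123}\n"
    "      # - GF_SECURITY_ADMIN_PASSWORD=admin123\n"
)

if __name__ == "__main__":
    # Usage: python check_defaults.py config.yaml docker-compose.yml
    hits = [h for p in sys.argv[1:] for h in scan_text(Path(p).read_text(), p)]
    for src, lineno, key in hits:
        print(f"{src}:{lineno}: {key} is still set to the published default")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when a default is found, so it can gate a deployment pipeline; it reads files line by line rather than parsing YAML, so multi-line scalars are not covered.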

Related Identifiers

CVE-2025-55740
GHSA-PR72-8FXW-XX22
GO-2025-3896

Affected Products

Nginx-Defender