CVE-2025-53859 | THREATINT

Description

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

PUBLISHED Reserved 2025-07-29 | Published 2025-08-13 | Updated 2025-08-13 | Assigner f5

LOW: 3.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

MEDIUM: 6.3CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status

unknown

R35

unaffected

R34 before R34 P2

affected

R33 before R33 P3

affected

R32 before R32 P3

affected

R31 before *

affected

R30 before *

affected

Default status

unknown

0.7 before 1.29.1

affected

Credits

F5 acknowledges the Amazon Web Services Security team for bringing this issue to our attention and following the highest standards of coordinated disclosure. reporter

References

my.f5.com/manage/s/article/K000152786 vendor-advisory

cve.org (CVE-2025-53859)

nvd.nist.gov (CVE-2025-53859)

Download JSON