CVE-2025-50579
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-09-24
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jc21 | nginx_proxy_manager | 2.12.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1259 | The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected. |

Note that CWE-1259 (Improper Restriction of Security Token Assignment) is a hardware weakness. The behaviour described in the Q&A below is a CORS origin-validation flaw in a web application, which the CWE catalogue classifies under CWE-942 (Permissive Cross-domain Policy with Untrusted Domains); treat the CWE shown above as a classification error in the record rather than a description of the issue.
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Origin Resource Sharing (CORS) misconfiguration in Nginx Proxy Manager version 2.12.3. The application does not properly validate the Origin request header, so responses from certain API endpoints carry an Access-Control-Allow-Origin header that permits untrusted third-party sites to read them. A page on such a site can use a short browser script to request those endpoints from the victim's browser, read the JSON Web Tokens (JWTs) or other sensitive data in the responses, and send them to a server the attacker controls. For a cross-origin page to read an authenticated response, the server must also send Access-Control-Allow-Credentials: true and the browser must attach the victim's credentials to the request; confirming both is part of verifying the issue. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access and account takeover because an attacker who obtains a valid JWT can present it to the API as the victim. With a stolen token the attacker can impersonate legitimate users, read or modify proxy-host and user configuration, leak audit-log and account data, and disrupt the service, compromising confidentiality and integrity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Test the CORS configuration of the affected endpoints (/api/tokens, /api/audit-log, /api/nginx/proxy-hosts and /api/users) by sending requests with an Origin header you control and inspecting the Access-Control-Allow-Origin response header. For example:

```sh
curl -H "Origin: http://malicious.example.com" -X POST https://your-nginx-proxy-manager/api/tokens -v
```

If the response includes Access-Control-Allow-Origin: http://malicious.example.com, the server is reflecting untrusted origins, which indicates the misconfiguration. Also check whether Access-Control-Allow-Credentials: true is present (this is what lets a cross-origin page read responses sent with the victim's credentials) and whether a wildcard (*) is returned; repeat the probe for each endpoint and for both GET and POST, since the headers can differ per route and method. [1]
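The check described above, as an added example (editor's code, not BaseFortify's or Nginx Proxy Manager's): a classifier for the CORS headers a probe receives, run over constructed sample responses for the endpoints named in the answer, plus a live probe function for Node 18+. The hostnames, the sample headers and the severity labels are assumptions for illustration.

```javascript
// Added example, not code from the original page or from Nginx Proxy Manager.
// Classify a response's CORS headers for the Origin we sent, then apply the
// check to constructed sample responses. Hostnames are placeholders.

const PROBE_ORIGIN = "http://malicious.example.com";

// `headers` is a plain object keyed by lower-cased header name, the shape
// Object.fromEntries(response.headers) produces for a fetch() Response.
function classifyCors(sentOrigin, headers) {
  const acao = headers["access-control-allow-origin"];
  const creds =
    String(headers["access-control-allow-credentials"] || "").toLowerCase() === "true";
  if (acao === undefined) return "no-cors"; // browser blocks the cross-origin read
  if (acao === "*") return creds ? "wildcard-with-credentials" : "wildcard";
  if (acao === sentOrigin) return creds ? "reflected-with-credentials" : "reflected";
  return "other-origin"; // a fixed allowlisted origin that is not ours
}

// What each classification means for the issue described in the Q&A.
const VERDICT = {
  "reflected-with-credentials":
    "HIGH: any site can read this endpoint with the victim's credentials",
  reflected:
    "MEDIUM: origin reflected; only unauthenticated responses are readable cross-origin",
  "wildcard-with-credentials":
    "LOW: browsers refuse credentialed reads when ACAO is *, but the config is still wrong",
  wildcard: "INFO: public read allowed; acceptable only for genuinely public data",
  "no-cors": "OK: browser blocks cross-origin reads",
  "other-origin": "OK: only a fixed origin that is not ours is allowed",
};

// Constructed sample responses (not captured from a real instance).
const SAMPLES = [
  { path: "/api/tokens", headers: { "access-control-allow-origin": PROBE_ORIGIN, "access-control-allow-credentials": "true" } },
  { path: "/api/users", headers: { "access-control-allow-origin": PROBE_ORIGIN } },
  { path: "/api/audit-log", headers: { "access-control-allow-origin": "*", "access-control-allow-credentials": "true" } },
  { path: "/api/nginx/proxy-hosts", headers: {} },
];

// Classify every sample and attach the verdict text.
function auditSamples(samples = SAMPLES, origin = PROBE_ORIGIN) {
  return samples.map(({ path, headers }) => {
    const cls = classifyCors(origin, headers);
    return { path, cls, verdict: VERDICT[cls] };
  });
}

// Live probe of one endpoint (Node 18+ global fetch). Not used by the sample
// audit; point it at your own instance. Redirects are not followed so the
// headers examined are the ones the probed route itself returns.
async function probe(baseUrl, path, origin = PROBE_ORIGIN) {
  const res = await fetch(new URL(path, baseUrl), {
    method: "GET",
    headers: { Origin: origin },
    redirect: "manual",
  });
  return classifyCors(origin, Object.fromEntries(res.headers));
}

for (const r of auditSamples()) console.log(`${r.path}: ${r.verdict}`);
```

Run the sample audit as-is to see the classification logic; to test a real deployment, call `probe("https://your-nginx-proxy-manager", "/api/tokens")` for each endpoint, with GET and with POST, and treat any `reflected-with-credentials` result as confirmation of the issue.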
What immediate steps should I take to mitigate this vulnerability?
Fix the CORS configuration on the server side: compare the Origin header against an explicit allowlist of trusted origins (scheme, host and port, matched exactly) and emit Access-Control-Allow-Origin only for those, never by reflecting whatever Origin the client sent. Apply this to the sensitive API endpoints (/api/tokens, /api/audit-log, /api/nginx/proxy-hosts and /api/users) so that untrusted domains cannot read JWT tokens or other sensitive data, and avoid suffix or substring matching of the origin, which is easily bypassed by look-alike hostnames. Applying any available patches or updates from Nginx Proxy Manager that address this issue is also critical. [1]
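The difference between reflecting the Origin and validating it against an allowlist, as an added example (editor's code, not Nginx Proxy Manager's implementation): the reflecting behaviour the Q&A describes, two common but flawed validations and an exact-match check, each run against constructed attacker origins. The trusted hostname and the attacker origins are assumptions for illustration.

```javascript
// Added example, not code from the original page or from Nginx Proxy Manager.
// Origin-validation strategies side by side. Hostnames are placeholders.

// Weak: echo whatever Origin arrived and allow credentials. Any page a
// logged-in user visits can then read authenticated API responses.
function corsHeadersReflecting(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Flawed validation 1: suffix match. "https://evil-npm.example.com" passes.
function trustedBySuffix(origin) {
  return typeof origin === "string" && origin.endsWith("npm.example.com");
}

// Flawed validation 2: unanchored regex with an unescaped dot.
// "https://npmXexample.com" and "https://npm.example.com.attacker.example" pass.
function trustedByRegex(origin) {
  return /https:\/\/npm.example.com/.test(origin);
}

// Hardened: exact match of the full origin (scheme, host, port) against an
// explicit set. Anything else gets no CORS headers at all, so the browser
// blocks the read. Vary: Origin keeps a shared cache from handing one
// origin's response to a request from another.
const TRUSTED_ORIGINS = new Set(["https://npm.example.com"]); // placeholder for the admin UI's own origin

function corsHeadersAllowlisted(origin, trusted = TRUSTED_ORIGINS) {
  if (typeof origin !== "string" || !trusted.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Constructed attacker-controlled Origin values (not from a real capture).
const ATTACKER_ORIGINS = [
  "http://malicious.example.com",
  "https://evil-npm.example.com",
  "https://npmXexample.com",
  "https://npm.example.com.attacker.example",
  "null", // what a sandboxed iframe or a file:// page sends
];

// Return the attacker origins a given check would accept.
function bypasses(check, origins = ATTACKER_ORIGINS) {
  return origins.filter((o) => Boolean(check(o)));
}

const acceptsReflecting = (o) => "Access-Control-Allow-Origin" in corsHeadersReflecting(o);
const acceptsAllowlisted = (o) => "Access-Control-Allow-Origin" in corsHeadersAllowlisted(o);

console.log("reflecting accepts:  ", bypasses(acceptsReflecting));
console.log("suffix match accepts:", bypasses(trustedBySuffix));
console.log("regex accepts:       ", bypasses(trustedByRegex));
console.log("allowlist accepts:   ", bypasses(acceptsAllowlisted));
```

The allowlist variant is the behaviour the mitigation above asks for: an unknown Origin produces no Access-Control-Allow-Origin header rather than a reflected one, and the trusted set is compared as complete origin strings, not as hostname suffixes or patterns.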