CVE-2025-53859
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-11-04
Assigner: F5 Networks
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| f5 | nginx_plus | r30 |
| f5 | nginx_plus | r31 |
| f5 | nginx_plus | r32 |
| f5 | nginx_plus | r33 |
| f5 | nginx_plus | r34 |
| f5 | nginx_open_source | From 0.7.22 (inc) to 1.29.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the ngx_mail_smtp_module of NGINX Open Source and NGINX Plus. It allows an unauthenticated attacker to over-read memory during the SMTP authentication process. Three conditions must all hold: NGINX is built with the ngx_mail_smtp_module, the smtp_auth directive is configured with the "none" method, and the authentication server returns the "Auth-Wait" response header. Under those conditions the server can leak arbitrary bytes from its memory, namely bytes that were sent in a request to the authentication server. Exploitation also requires the attacker to make preparations against the target system in order to extract the leaked data.
How can this vulnerability impact me?
An unauthenticated attacker can obtain arbitrary bytes from the server's memory during the SMTP authentication process. This could leak sensitive information that was sent in requests to the authentication server. However, exploitation requires specific conditions and preparation by the attacker. The CVSS v4.0 base score of 6.3 indicates moderate severity, with a network attack vector and low complexity.
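The exposure conditions given in the first answer can be checked on a host, as in this added example (not code from this page or from F5). It tests a version against the NGINX Open Source range in the table, the `nginx -V` configure arguments, and the configuration text. The function names and the sample configuration are constructed for illustration, and the "Auth-Wait" condition depends on the authentication server, so it cannot be read from the NGINX configuration.

```python
import re

# Affected NGINX Open Source range listed on this page: 0.7.22 (inclusive) to 1.29.1 (exclusive).
AFFECTED_FROM, FIXED_IN = (0, 7, 22), (1, 29, 1)

def version_affected(version):
    """True if an NGINX Open Source version such as '1.26.3' falls in the listed range."""
    return AFFECTED_FROM <= tuple(int(p) for p in version.split(".")) < FIXED_IN

def built_with_mail_smtp(configure_args):
    """True if `nginx -V` configure arguments include the mail module with SMTP left enabled."""
    args = configure_args.split()
    has_mail = any(a == "--with-mail" or a.startswith("--with-mail=") for a in args)
    return has_mail and "--without-mail_smtp_module" not in args

def smtp_auth_none_contexts(conf):
    """Return the block path of every smtp_auth directive under mail{} that lists 'none'."""
    tokens = re.findall(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|#[^\n]*|[{};]|[^\s{};]+', conf)
    hits, stack, words = [], [], []
    for tok in tokens:
        if tok.startswith("#"):          # comment: ignore
            continue
        if tok == "{":                   # block opens: its first word names the context
            stack.append(words[0] if words else "")
            words = []
        elif tok == "}":                 # block closes
            if stack:
                stack.pop()
            words = []
        elif tok == ";":                 # directive ends: inspect it
            if words[:1] == ["smtp_auth"] and stack[:1] == ["mail"]:
                if "none" in (w.strip("\"'") for w in words[1:]):
                    hits.append("/".join(stack))  # a hit at "mail" is inherited by servers
            words = []
        else:
            words.append(tok)
    return hits

# Constructed sample configuration (not taken from any real deployment).
SAMPLE_CONF = """
mail {
    auth_http 127.0.0.1:9000/auth;   # whether it ever sends Auth-Wait cannot be seen here
    server { listen 25;  protocol smtp; smtp_auth none; }
    server { listen 587; protocol smtp; smtp_auth login plain; }
    # server { listen 2525; smtp_auth none; }
}
"""

if __name__ == "__main__":
    print(version_affected("1.28.0"), smtp_auth_none_contexts(SAMPLE_CONF))
```

The version check covers only NGINX Open Source version strings; the NGINX Plus releases in the table (r30 to r34) use a different numbering and need to be compared by release name.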