CVE-2025-55740
BaseFortify

Publication date: 2025-08-19

Last updated on: 2025-08-20

Assigner: GitHub, Inc.

Description
nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later.
Meta Information
Published: 2025-08-19
Last Modified: 2025-08-20
Generated: 2026-05-06
AI Q&A: 2025-08-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: nginx
Product: defender
Version / Range: 1.5.0
CWE
CWE-1392: The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a configuration issue in nginx-defender, a Web Application Firewall. The default configuration files include default credentials (like "change_me_please" and "admin123") that users may fail to change. If these defaults remain, attackers with network access can use them to gain administrative control over the system, bypassing security protections.


How can this vulnerability impact me?

If the default credentials are not changed, attackers can gain administrative control over the nginx-defender system. This could allow them to bypass security protections, potentially leading to unauthorized access, manipulation, or disruption of the protected web infrastructure.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking the nginx-defender configuration files for default credentials. Specifically, look for default_password set to "change_me_please" in config.yaml and GF_SECURITY_ADMIN_PASSWORD set to "admin123" in docker-compose.yml. Commands to detect this could include:

1) grep -r 'default_password: "change_me_please"' /path/to/nginx-defender/config.yaml
2) grep -r 'GF_SECURITY_ADMIN_PASSWORD=admin123' /path/to/nginx-defender/docker-compose.yml
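
The grep commands above match only the exact quoting used in the example files. As an added example (not from the advisory or the nginx-defender project), this POSIX shell script also catches single-quoted and unquoted values and both Compose environment syntaxes, and ignores commented-out lines. The function names, the single-directory layout and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not nginx-defender project code. Assumption: config.yaml and
# docker-compose.yml sit together in the deployment directory passed as $1.

# Print lines (with numbers) where default_password is still the shipped
# value, whether double-quoted, single-quoted or unquoted.
find_default_password() {
    grep -nE "^[[:space:]]*default_password:[[:space:]]*[\"']?change_me_please[\"']?[[:space:]]*(#.*)?\$" "$1"
}

# Print lines where the Grafana admin password is still admin123, in either
# Compose environment syntax: "- KEY=value" (list) or "KEY: value" (map).
find_default_grafana_password() {
    grep -nE "^[[:space:]]*(-[[:space:]]*)?[\"']?GF_SECURITY_ADMIN_PASSWORD[[:space:]]*[=:][[:space:]]*[\"']?admin123[\"']?[[:space:]]*(#.*)?\$" "$1"
}

# Echo how many of the two files in directory $1 still carry a default
# credential (0-2). Details go to stderr so stdout stays machine-readable.
count_default_credentials() {
    dir=$1
    found=0
    if [ -f "$dir/config.yaml" ] && find_default_password "$dir/config.yaml" >&2; then
        echo "config.yaml: default_password unchanged" >&2
        found=$((found + 1))
    fi
    if [ -f "$dir/docker-compose.yml" ] && find_default_grafana_password "$dir/docker-compose.yml" >&2; then
        echo "docker-compose.yml: GF_SECURITY_ADMIN_PASSWORD unchanged" >&2
        found=$((found + 1))
    fi
    echo "$found"
}

# Constructed sample deployment: single-quoted value with a trailing comment,
# and map-style environment, neither of which the exact-string greps match.
make_sample() {
    mkdir -p "$1"
    printf "auth:\n  default_password: 'change_me_please'  # TODO\n" > "$1/config.yaml"
    printf 'services:\n  grafana:\n    environment:\n      GF_SECURITY_ADMIN_PASSWORD: admin123\n' > "$1/docker-compose.yml"
}

# Usage: sh check_defaults.sh /path/to/nginx-defender
if [ $# -gt 0 ]; then
    count_default_credentials "$1"
fi
```

A result of 0 only means these two literal defaults are absent from the files on disk; it does not show that the replacement passwords are strong or that a running container was redeployed with them.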


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, change the default credentials in the nginx-defender configuration files before deployment. Replace default_password "change_me_please" and GF_SECURITY_ADMIN_PASSWORD "admin123" with strong, unique passwords. Additionally, upgrade nginx-defender to version 1.5.0 or later where this issue is addressed.

