CVE-2025-67900
Environment Variable Injection in NXLog Agent Before
Publication date: 2025-12-14
Last updated on: 2025-12-14
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nxlog | nxlog_agent | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not explicitly discuss how CVE-2025-67900 affects compliance with common standards and regulations such as GDPR or HIPAA. However, given the vulnerability allows loading a file specified by the OPENSSL_CONF environment variable, which could lead to high impact on confidentiality, integrity, and availability (CVSS 8.1), it may pose risks to data security and integrity. Additionally, known issues causing log rotation failures and potential data loss could impact reliable logging and audit trails, which are important for compliance. Nonetheless, no direct statements about compliance impact are provided. [1]
Can you explain this vulnerability to me?
This vulnerability exists in NXLog Agent versions before 6.11, where the software can load a file specified by the OPENSSL_CONF environment variable. This behavior can potentially be exploited by an attacker to influence the configuration of OpenSSL used by the agent.
How can this vulnerability impact me? :
The vulnerability can lead to a high impact on confidentiality, integrity, and availability, as indicated by the CVSS score. An attacker with local access could exploit this to manipulate OpenSSL configurations, potentially leading to unauthorized data access, data modification, or denial of service.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying NXLog Agent versions prior to 6.11 running on your systems, as these versions can load a file specified by the OPENSSL_CONF environment variable. You can check the installed NXLog Agent version by running commands such as 'nxlog -v' or checking the service version on your system. Additionally, verifying if the OPENSSL_CONF environment variable is set in the NXLog Agent runtime environment can help detect potential exposure. For example, on Linux, you can use 'ps aux | grep nxlog' to see environment variables or 'env | grep OPENSSL_CONF' within the NXLog service context. On Windows, you can check environment variables for the NXLog service or inspect the service configuration. Since the vulnerability relates to environment variable usage, monitoring for unexpected or suspicious OPENSSL_CONF settings in the NXLog Agent environment is key. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the NXLog Agent to version 6.11 or later, as this version clears the OPENSSL_CONF environment variable during installation to prevent the vulnerability. If upgrading immediately is not possible, ensure that the OPENSSL_CONF environment variable is not set or used by the NXLog Agent process to avoid loading unintended OpenSSL configuration files. Additionally, review and restrict environment variables and configurations related to OpenSSL in the NXLog Agent runtime environment to reduce risk. [1]