CVE-2025-67900
Unknown Unknown - Not Provided
Environment Variable Injection in NXLog Agent Before

Publication date: 2025-12-14

Last updated on: 2025-12-14

Assigner: MITRE

Description
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-14
Last Modified
2025-12-14
Generated
2026-06-16
AI Q&A
2025-12-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67900
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nxlog nxlog_agent *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-829 The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided resources do not explicitly discuss how CVE-2025-67900 affects compliance with common standards and regulations such as GDPR or HIPAA. However, given the vulnerability allows loading a file specified by the OPENSSL_CONF environment variable, which could lead to high impact on confidentiality, integrity, and availability (CVSS 8.1), it may pose risks to data security and integrity. Additionally, known issues causing log rotation failures and potential data loss could impact reliable logging and audit trails, which are important for compliance. Nonetheless, no direct statements about compliance impact are provided. [1]

Executive Summary

This vulnerability exists in NXLog Agent versions before 6.11, where the software can load a file specified by the OPENSSL_CONF environment variable. This behavior can potentially be exploited by an attacker to influence the configuration of OpenSSL used by the agent.

Impact Analysis

The vulnerability can lead to a high impact on confidentiality, integrity, and availability, as indicated by the CVSS score. An attacker with local access could exploit this to manipulate OpenSSL configurations, potentially leading to unauthorized data access, data modification, or denial of service.

Detection Guidance

Detection of this vulnerability involves identifying NXLog Agent versions prior to 6.11 running on your systems, as these versions can load a file specified by the OPENSSL_CONF environment variable. You can check the installed NXLog Agent version by running commands such as 'nxlog -v' or checking the service version on your system. Additionally, verifying if the OPENSSL_CONF environment variable is set in the NXLog Agent runtime environment can help detect potential exposure. For example, on Linux, you can use 'ps aux | grep nxlog' to see environment variables or 'env | grep OPENSSL_CONF' within the NXLog service context. On Windows, you can check environment variables for the NXLog service or inspect the service configuration. Since the vulnerability relates to environment variable usage, monitoring for unexpected or suspicious OPENSSL_CONF settings in the NXLog Agent environment is key. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade the NXLog Agent to version 6.11 or later, as this version clears the OPENSSL_CONF environment variable during installation to prevent the vulnerability. If upgrading immediately is not possible, ensure that the OPENSSL_CONF environment variable is not set or used by the NXLog Agent process to avoid loading unintended OpenSSL configuration files. Additionally, review and restrict environment variables and configurations related to OpenSSL in the NXLog Agent runtime environment to reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67900. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart