CVE-2025-53859

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-53859
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-53859.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-53859
Aliases
Downstream
Published
2025-08-13T15:15:37Z
Modified
2025-09-06T15:52:51.484982Z
Summary
[none]
Details

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngxmailsmtpmodule, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

Affected packages

Debian:11 / nginx

Package

Name
nginx
Purl
pkg:deb/debian/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.18.0-6.1
1.18.0-6.1+deb11u1
1.18.0-6.1+deb11u2
1.18.0-6.1+deb11u3
1.18.0-6.1+deb11u4
1.18.0-6.1+deb11u5
1.18.0-7
1.18.0-8
1.18.0-9
1.20.2-1
1.20.2-2
1.20.2-3~exp1
1.22.0-1~exp1
1.22.0-1~exp2
1.22.0-1
1.22.0-2~exp1
1.22.0-2~exp2
1.22.0-2~exp3
1.22.0-2~exp4
1.22.0-2
1.22.0-3
1.22.0-3.1
1.22.1-1~exp1
1.22.1-1~exp2
1.22.1-1
1.22.1-2~exp1
1.22.1-2~exp2
1.22.1-2
1.22.1-3~exp1
1.22.1-3
1.22.1-4
1.22.1-5
1.22.1-6~exp1
1.22.1-6
1.22.1-7
1.22.1-8
1.22.1-9
1.24.0-1~exp1
1.24.0-1
1.24.0-2
1.26.0-1~exp1
1.26.0-1
1.26.0-2
1.26.0-3
1.26.2-1
1.26.3-1
1.26.3-2
1.26.3-3
1.28.0-1
1.28.0-2
1.28.0-3
1.28.0-4
1.28.0-5

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / nginx

Package

Name
nginx
Purl
pkg:deb/debian/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.1-9+deb12u3

Affected versions

1.*

1.22.1-9
1.22.1-9+deb12u1
1.22.1-9+deb12u2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / nginx

Package

Name
nginx
Purl
pkg:deb/debian/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.26.3-3+deb13u1

Affected versions

1.*

1.26.3-3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / nginx

Package

Name
nginx
Purl
pkg:deb/debian/nginx?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.28.0-3

Affected versions

1.*

1.26.3-3
1.28.0-1
1.28.0-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}