NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
                
History
Tue, 21 Oct 2025 18:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| CPEs | cpe:2.3:a:f5:nginx_open_source:*:*:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r30:-:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r31:-:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r32:-:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r32:p1:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r32:p2:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r33:-:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r33:p1:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r33:p2:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r34:-:*:*:*:*:*:* cpe:2.3:a:f5:nginx_plus:r34:p1:*:*:*:*:*:* | 
Sat, 16 Aug 2025 21:45:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | F5, F5 nginx Open Source, F5 nginx Plus, Nginx, Nginx nginx | |
| Vendors & Products | F5, F5 nginx Open Source, F5 nginx Plus, Nginx, Nginx nginx |
Thu, 14 Aug 2025 06:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| References |  | |
| Metrics | threat_severity | threat_severity |
Wed, 13 Aug 2025 16:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc |
Wed, 13 Aug 2025 15:00:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |
| Title | NGINX ngx_mail_smtp_module vulnerability | |
| Weaknesses | CWE-125 | |
| References |  | |
| Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: f5
Published: 2025-08-13T14:46:55.471Z
Updated: 2025-08-13T15:14:55.021Z
Reserved: 2025-07-29T17:12:25.039Z
Link: CVE-2025-53859
Vulnrichment
Updated: 2025-08-13T15:14:51.817Z
NVD
Status: Analyzed
Published: 2025-08-13T15:15:37.657
Modified: 2025-10-21T18:02:48.767
Link: CVE-2025-53859
Redhat