CNNVD-202508-1348 Information
CNNVD ID
CNNVD-202508-1348
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
F5 NGINX Plus和F5 NGINX Open Source都是美国F5公司的产品。F5 NGINX Plus是一个基于软件的应用程序交付平台。F5 NGINX Open Source是一个高性能Web服务器、反向代理服务器、负载均衡器和API网关。 F5 NGINX Plus和F5 NGINX Open Source存在缓冲区错误漏洞,该漏洞源于ngx_mail_smtp_module在特定配置下可能泄露认证过程中的内存数据。
Description (English)
F5 NGINX Plus and F5 NGINX Open Source are products of United States F5. F5 NGINX Plus is a software-based application delivery platform. F5 NGINX Open Source is a high-performance Web server, reverse proxy server, load balancer and API gateway. F5 NGINX Plus and F5 NGINX Open Source had an error loophole in the buffer zone that originated from the possibility that ngx mail smtp module might leak memory data from the authentication process under specific configurations.
Hazard Level
Critical
Vulnerability Type
缓冲区错误
Affected Vendor
F5
Published
2025-08-13
Last Modified
2026-02-24
References
https://my.f5.com/manage/s/article/K000152786 https://access.redhat.com/security/cve/cve-2025-53859
Patch
https://my.f5.com/manage/s/article/K000152786
Share on: