SB20251001206 - SUSE update for nginx
Published: October 1, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper authentication (CVE-ID: CVE-2025-23419)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an TLS session resumption when handling client certificate authentication. A remote attacker can bypass authentication process and gain unauthorized access to the application.
Successful exploitation of the vulnerability requires that name-based virtual hosts are configured to share the same IP address and port combination and have TLS 1.3 and OpenSSL. This vulnerability arises when TLS session tickets are used and/or the SSL session cache is used in the default virtual server and the default virtual server is performing client certificate authentication.
2) Out-of-bounds read (CVE-ID: CVE-2025-53859)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a boundary condition in the ngx_mail_smtp_module. A remote attacker can force the server to leak arbitrary bytes sent in a request to the authentication server.
This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.
Remediation
Install update from vendor's website.