CVE-2025-53859: 
NGINX vulnerability analysis and mitigation

A vulnerability (CVE-2025-53859) was discovered in NGINX Open Source and NGINX Plus, specifically in the ngxmailsmtpmodule. The issue allows an unauthenticated attacker to perform an over-read of NGINX SMTP authentication process memory, potentially leading to information leakage. The vulnerability affects NGINX installations that meet three specific conditions: the system must be built with ngxmailsmtpmodule, have the smtp_auth directive configured with method 'none,' and the authentication server must return an 'Auth-Wait' response header (NVD, OSS Security).

The vulnerability is classified as an out-of-bounds read (CWE-125) that occurs during the SMTP authentication process. According to the CVSS 3.1 scoring, it has received a base score of 3.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Under CVSS 4.0, it received a score of 6.3 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. The issue affects nginx versions 0.7.22-1.29.0 (NVD, OSS Security).

When exploited, this vulnerability can result in the disclosure of sensitive information through a HTTP request to the authentication server. The server side may leak arbitrary bytes that were sent in a request to the authentication server (NVD, OSS Security).

The vulnerability has been fixed in nginx version 1.29.1. For older versions, two temporary workarounds are available: either disable the 'none' parameter in the 'smtp_auth' directive or remove the 'Auth-Wait' header line in the authentication server response. A patch for the issue is available at nginx.org/download/patch.2025.smtp.txt (OSS Security).