CVE-2025-50579
CVE-2025-50579
In short
Nginx Proxy Manager v2.12.3 has a security flaw where it doesn't properly check which websites are allowed to access its data. This lets attackers trick a user's browser into sending sensitive login tokens to a malicious website.
Technical detail
The application improperly validates the Origin header in CORS policy, allowing unauthorized domains to request and receive JWT tokens. An attacker can exploit this via client-side script injection to exfiltrate authentication tokens to an attacker-controlled server, leading to unauthorized session hijacking or privilege escalation.
Summary generated and translated by AI from the official description.
A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a remote attacker-controlled server, potentially leading to unauthorized actions within the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →