CVE-2025-50579

EPSS 0.07% · P22 Updated Aug 20, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-50579

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfiguration enables attackers to intercept tokens using a simple browser script and exfiltrate them to a remote attacker-controlled server, potentially leading to unauthorized actions within the application.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Nginx Proxy Manager 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Nginx Proxy Manager是Nginx Proxy Manager开源的一个 Docker 容器。用于通过简单、强大的接口管理 Nginx 代理主机。 Nginx Proxy Manager v2.12.3版本存在安全漏洞，该漏洞源于CORS配置不当，可能导致数据泄露。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2025-50579

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-50579

请登录查看更多情报信息。

Same Patch Batch · n/a · 2025-08-19 · 32 CVEs total

CVE-2025-9139	4.3 MEDIUM	Scada-LTS WatchListDwr.init.dwr information disclosure
CVE-2025-9171	3.5 LOW	SolidInvoice Clients clients cross site scripting
CVE-2025-9170	3.5 LOW	SolidInvoice Tax Rates rates cross site scripting
CVE-2025-9169	3.5 LOW	SolidInvoice Quote quotes cross site scripting
CVE-2025-9168	3.5 LOW	SolidInvoice Invoice Creation invoice cross site scripting
CVE-2025-9167	3.5 LOW	SolidInvoice Recurring Invoice recurring cross site scripting
CVE-2025-9145	3.5 LOW	Scada-LTS SVG File view_edit.shtm cross site scripting
CVE-2025-9144	3.5 LOW	Scada-LTS publisher_edit.shtm cross site scripting
CVE-2025-9143	3.5 LOW	Scada-LTS mailing_lists.shtm cross site scripting
CVE-2025-9138	3.5 LOW	Scada-LTS new cross site scripting
CVE-2025-9137	3.5 LOW	Scada-LTS scheduled_events.shtm cross site scripting
CVE-2025-9165	2.5 LOW	LibTIFF tiffcmp tiffcmp.c InitCCITTFax3 memory leak
CVE-2025-52338		LogicData eCommerce Framework 安全漏洞
CVE-2025-51543		Cicool web builder 3.4.4 安全漏洞
CVE-2025-50926		Easy Hosting Control Panel EHCP 安全漏洞
CVE-2025-52337		LogicData eCommerce Framework 安全漏洞
CVE-2025-54336		Plesk Obsidian 安全漏洞
CVE-2024-44373		Allsky Camera 安全漏洞
CVE-2025-51506		TalentNeuron Suite 安全漏洞
CVE-2025-51540		EzGED 安全漏洞

Showing top 20 of 32 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2025-50579

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-50579

I. Basic Information for CVE-2025-50579

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-50579

III. Intelligence Information for CVE-2025-50579

Same Patch Batch · n/a · 2025-08-19 · 32 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-50579

Leave a comment