Primary

Context

NXLog Agent OpenSSL Configuration File Loading Vulnerability

Vulnerability

Patched

A vulnerability exists in NXLog Agent versions prior to 6.11, allowing the agent to load a file specified by the OPENSSL_CONF environment variable. This could enable unintended modifications to OpenSSL's configuration, potentially leading to security risks.

Impact

Exploitation of this vulnerability could cause OpenSSL to improperly load configurations, possibly leading to misconfigurations or security weaknesses in applications relying on OpenSSL.

Remediation

Users can upgrade to NXLog Agent version 6.11 or later, where this vulnerability has been addressed. Instructions for updating NXLog Agent can be found in the NXLog Agent Reference Manual.

Added: Dec 14, 2025, 11:17 PM

Updated: Dec 14, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

3.5

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

5.0

exploitability

3.5

remediation

7.7

relevance

1.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NXLog Agent OpenSSL Configuration File Loading Vulnerability

Vulnerability

Impact

Remediation

Affected Products

NXLog Agent

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating