Home > Vulnerability Database > CVE-2025-55740

Mend.io Vulnerability Database

CVE-2025-55740

Good to know:

Date: August 19, 2025

nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later.

Severity Score

6.5

Related Resources (5)

Url: https://github.com/Anipaleja/nginx-defender/security/advisories/GHSA-pr72-8fxw-xx22

Url: https://pkg.go.dev/vuln/GO-2025-3896

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55740

Url: https://github.com/Anipaleja/nginx-defender

Url: https://www.mend.io/vulnerability-database/CVE-2025-55740

Severity Score

6.5

Weakness Type (CWE)

Use of Default Credentials

CWE-1392

Top Fix

Upgrade Version

Upgrade to version github.com/Anipaleja/nginx-defender - v1.5.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55740

Good to know:

Date: August 19, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?