Skip to main content

Nginx CVE-2025-62126

MEDIUM
Insertion of Sensitive Information Into Sent Data (CWE-201)
2025-12-31 audit@patchstack.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
CVSS changed
Apr 23, 2026 - 15:43 NVD
5.3 (MEDIUM)
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 16:15 nvd
N/A

DescriptionCVE.org

Insertion of Sensitive Information Into Sent Data vulnerability in Razvan Stanga Varnish/Nginx Proxy Caching vcaching allows Retrieve Embedded Sensitive Data.This issue affects Varnish/Nginx Proxy Caching: from n/a through <= 1.8.3.

AnalysisAI

Information disclosure in Razvan Stanga's Varnish/Nginx Proxy Caching WordPress plugin through version 1.8.3 allows sensitive data embedded in cached responses to be exposed to unauthorized users. The vulnerability stems from improper handling of sensitive information during proxy caching operations, enabling attackers to retrieve cached data containing credentials, tokens, or other confidential material. No authentication is required to exploit this issue, and EPSS analysis indicates a 4.43% probability of exploitation (89th percentile), suggesting moderate real-world risk despite the lack of known public exploits.

Technical ContextAI

The vulnerability is rooted in CWE-201 (Insertion of Sensitive Information Into Sent Data), which occurs when applications transmit sensitive information in responses that can be cached by intermediate proxies. In this case, the Varnish/Nginx Proxy Caching plugin for WordPress fails to properly sanitize or exclude sensitive data from responses before they are cached. The plugin is designed to improve performance by caching dynamic WordPress content through Varnish and Nginx reverse proxies. When sensitive information (such as session tokens, API keys, or personally identifiable information) is inadvertently included in cacheable responses without proper cache-control headers or content filtering, it becomes retrievable from the cache by any attacker who can access the cache layer or proxy server. This is particularly dangerous in shared hosting or CDN environments where multiple users or applications may share infrastructure.

Affected ProductsAI

The vulnerability affects the Varnish/Nginx Proxy Caching plugin (vcaching) for WordPress, authored by Razvan Stanga, in all versions from initial release through version 1.8.3. The plugin is available on the WordPress plugin repository and is identified by the slug 'vcaching'. Users running any version at or below 1.8.3 are affected. The plugin integrates with Varnish and Nginx reverse proxies to cache WordPress content, so vulnerability exposure depends on both plugin installation and active use of proxy caching infrastructure.

RemediationAI

Update the Varnish/Nginx Proxy Caching plugin to version 1.8.4 or later as soon as possible. Users should navigate to their WordPress admin dashboard, go to Plugins > Installed Plugins, locate 'Varnish/Nginx Proxy Caching', and click 'Update Now'. For detailed patch information and advisory details, refer to the Patchstack database entry at https://patchstack.com/database/Wordpress/Plugin/vcaching/vulnerability/wordpress-varnish-nginx-proxy-caching-plugin-1-8-3-sensitive-data-exposure-vulnerability. In the interim, administrators should review cache configuration to ensure Cache-Control headers (no-store, private) are set appropriately for responses containing sensitive data, and verify that sensitive information is stripped from cached content at the application level. Consider temporarily disabling the plugin if sensitive data exposure cannot be mitigated through configuration.

More in Nginx

View all
CVE-2013-2028 HIGH POC
7.5 Jul 20

The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cau

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2013-4547 HIGH POC
7.5 Nov 23

nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescap

CVE-2023-50919 CRITICAL POC
9.8 Jan 12

An issue was discovered on GL.iNet devices before version 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2017-7529 HIGH
7.5 Jul 13

Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range fi

CVE-2016-0742 HIGH
7.5 Feb 15

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2022-31137 CRITICAL POC
9.8 Jul 08

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated critical severity (CVSS 9.8

CVE-2014-3556 MEDIUM
6.8 Dec 29

The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and

CVE-2026-42945 CRITICAL POC
9.2 May 13

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows remote attackers to crash worker

Share

CVE-2025-62126 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy