CVE-2025-55740: CWE-1392: Use of Default Credentials in Anipaleja nginx-defender
Description
nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later.
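A deployment check for the two defaults named in the description, as an added example that is not part of the advisory or of the nginx-defender project. It scans configuration text for default_password and GF_SECURITY_ADMIN_PASSWORD still set to the shipped values; the function names and the sample input are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Default values quoted in the advisory; nothing else about the files is assumed.
KNOWN_DEFAULTS = {
    "default_password": "change_me_please",
    "GF_SECURITY_ADMIN_PASSWORD": "admin123",
}

# "key: value" (YAML mapping) or "- KEY=value" (compose list); "#" lines never match.
_ASSIGN = re.compile(r"""^\s*(?:-\s*)?["']?(?P<key>[A-Za-z_]\w*)["']?\s*[:=]\s*(?P<val>.*)$""")

def _clean(val):
    """Return the scalar without quotes or a trailing YAML comment."""
    val = val.strip()
    if val and val[0] in "\"'":
        end = val.find(val[0], 1)
        return val[1:end] if end != -1 else val[1:]
    return re.split(r"\s+#", val, maxsplit=1)[0].strip().rstrip("\"'")

def find_default_credentials(text, source="<input>"):
    """Return (source, line number, key) for every setting left at a known default."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _ASSIGN.match(line)
        if m and KNOWN_DEFAULTS.get(m.group("key")) == _clean(m.group("val")):
            findings.append((source, lineno, m.group("key")))
    return findings

# Constructed sample input, not copied from the project's files.
SAMPLE_COMPOSE = """\
services:
  grafana:
    environment:
      - "GF_SECURITY_ADMIN_PASSWORD=admin123"
  grafana_rotated:
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
"""
SAMPLE_CONFIG = 'auth:\n  default_password: "change_me_please"  # example value\n  # default_password: "change_me_please"\n'

if __name__ == "__main__":
    inputs = [(p, Path(p).read_text(encoding="utf-8")) for p in sys.argv[1:]]
    inputs = inputs or [("sample-compose", SAMPLE_COMPOSE), ("sample-config", SAMPLE_CONFIG)]
    hits = [h for name, text in inputs for h in find_default_credentials(text, name)]
    for source, lineno, key in hits:
        print(f"{source}:{lineno}: {key} is still set to the shipped default")
    sys.exit(1 if hits else 0)
```

Pass the deployed config.yaml and docker-compose.yml as arguments; a non-zero exit status means a shipped default is still in place.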
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-14T22:31:17.684Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68a4d876ad5a09ad00fab184
Added to database: 8/19/2025, 8:03:02 PM
Last updated: 8/19/2025, 8:03:02 PM