CVE-2025-67900: CWE-829 Inclusion of Functionality from Untrusted Control Sphere in NXLog NXLog Agent
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
AI Analysis
Technical Summary
CVE-2025-67900 affects NXLog Agent versions prior to 6.11 by allowing the software to load a configuration file specified by the OPENSSL_CONF environment variable. This environment variable is intended to point to OpenSSL configuration files, but since NXLog Agent does not properly validate or restrict this input, an attacker with local access can set OPENSSL_CONF to a malicious file. This leads to CWE-829, where functionality from an untrusted control sphere is included, potentially allowing the attacker to influence cryptographic operations or execute arbitrary code within the context of the NXLog Agent process. The vulnerability has a CVSS 3.1 base score of 8.1, with vector AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H, indicating local attack vector, high attack complexity, no privileges required, no user interaction, and a scope change with high impact on confidentiality, integrity, and availability. NXLog Agent is widely used for log collection and forwarding in enterprise and critical infrastructure environments, making this vulnerability significant. Although no known exploits are currently in the wild, the potential for privilege escalation or code execution makes this a critical issue to address. The lack of a patch link suggests that remediation may require upgrading to version 6.11 or later once available.
Potential Impact
For European organizations, this vulnerability poses a significant risk to the security of log management infrastructure. Compromise of NXLog Agent can lead to unauthorized access to sensitive log data, manipulation or deletion of logs (impacting forensic and compliance capabilities), and potential lateral movement within networks if attackers gain code execution. Critical sectors such as finance, energy, healthcare, and government rely heavily on log aggregation and monitoring tools like NXLog, increasing the potential impact. The vulnerability’s requirement for local access limits remote exploitation, but insider threats or attackers who have already gained a foothold can leverage this flaw to escalate privileges or maintain persistence. Disruption of log collection can also impair incident detection and response capabilities, increasing overall organizational risk.
Mitigation Recommendations
European organizations should immediately audit their use of NXLog Agent and identify versions prior to 6.11. Until an official patch or upgrade is available, restrict local user permissions to prevent unauthorized environment variable manipulation, especially of the OPENSSL_CONF variable. Employ application whitelisting and environment hardening to limit the ability of untrusted users to influence process environments. Monitor for unusual changes to environment variables and unexpected NXLog Agent behavior. Consider isolating NXLog Agent processes in hardened containers or sandboxes to reduce the impact of potential exploitation. Once available, upgrade NXLog Agent to version 6.11 or later, which addresses this vulnerability. Additionally, implement strict access controls and logging around systems running NXLog to detect and respond to suspicious local activity promptly.
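The audit and monitoring steps above can be scripted. The following is an added example (not code from NXLog or from this advisory's author) of a defender-side check: it flags agent versions before the fixed 6.11, parses the NUL-separated environment of a running process as Linux exposes it under /proc/PID/environ, and reports whether OPENSSL_CONF is set and whether the file it points to is world-writable. It assumes a Linux host, that the agent process name contains "nxlog" (an assumption, not stated on the page), and that the operator passes the installed version on the command line; the sample environment block in the self-test is constructed.

```python
#!/usr/bin/env python3
"""Audit helper for CVE-2025-67900: NXLog Agent before 6.11 honours OPENSSL_CONF.

Added example; not NXLog's own code. Assumes Linux /proc and that the agent
process name contains "nxlog" (assumption). Reading another user's
/proc/<pid>/environ requires root.
"""
import os
import re
import stat
import sys

FIXED_VERSION = (6, 11)  # first release stated as fixed on the advisory page


def parse_version(text):
    """Extract (major, minor[, patch]) from a version string such as '6.10.2'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("no version number found in %r" % text)
    return tuple(int(x) for x in m.groups() if x is not None)


def is_vulnerable_version(text):
    """True when the major.minor part is older than 6.11."""
    return parse_version(text)[:2] < FIXED_VERSION


def env_from_environ_bytes(raw):
    """Parse the NUL-separated KEY=VALUE block of /proc/<pid>/environ into a dict."""
    env = {}
    for entry in raw.split(b"\0"):
        if not entry:
            continue
        key, _, value = entry.partition(b"=")
        env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def assess_process(env, version):
    """Return a list of human-readable findings for one agent process."""
    findings = []
    if is_vulnerable_version(version):
        findings.append("agent version %s is before 6.11" % version)
    conf = env.get("OPENSSL_CONF")
    if conf is not None:
        findings.append("OPENSSL_CONF is set to %r" % conf)
        try:
            mode = os.stat(conf).st_mode
            if mode & stat.S_IWOTH:
                findings.append("%s is world-writable" % conf)
        except OSError:
            pass  # unreadable or missing target: the first finding already flags it
    return findings


def nxlog_pids(proc="/proc"):
    """Yield PIDs whose command name contains 'nxlog' (assumed process name)."""
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc, name, "comm")) as fh:
                if "nxlog" in fh.read():
                    yield int(name)
        except OSError:
            continue  # process exited or not readable


def scan(version, proc="/proc"):
    """Audit every running agent process; returns {pid: [findings]}."""
    report = {}
    for pid in nxlog_pids(proc):
        try:
            with open(os.path.join(proc, str(pid), "environ"), "rb") as fh:
                env = env_from_environ_bytes(fh.read())
        except OSError:
            report[pid] = ["could not read environment (need root?)"]
            continue
        report[pid] = assess_process(env, version)
    return report


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: %s <installed nxlog version, e.g. 6.10.2>" % sys.argv[0])
    for pid, findings in scan(sys.argv[1]).items():
        print("pid %d: %s" % (pid, "; ".join(findings) or "no findings"))
```

Run it as root on each host, passing the version reported by the installed package. An empty finding list for every PID means the agent is at or past 6.11 and no process carries OPENSSL_CONF; any "OPENSSL_CONF is set" line on a pre-6.11 host deserves investigation of who launched the process with that environment. As a complementary hardening step not taken from the page, service managers that let you scrub the environment of a unit (for example systemd's UnsetEnvironment= directive) can keep the variable out of the agent's environment regardless of how the service was started.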
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-14T22:48:38.218Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 693f42a8b0f1e1d53029ac6a
Added to database: 12/14/2025, 11:05:12 PM
Last enriched: 12/21/2025, 11:38:34 PM
Last updated: 2/6/2026, 9:14:59 AM