Detections
Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.2)

high Nessus Plugin ID 277073

Language:

Synopsis

The Nutanix AOS host is affected by multiple vulnerabilities .

Description

The version of AOS installed on the remote host is prior to 7.3.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.2 advisory.

 - A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. (CVE-2025-32990)

 - Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vim's tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives.
 Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on.
 Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability. (CVE-2025-53905)

 - Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim's zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives.
 Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on.
 Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability. (CVE-2025-53906)

 - A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high. (CVE-2025-26465)

 - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass.
 Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue. (CVE-2025-58060)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?d00a0fbb

Plugin Details

Severity: High

ID: 277073

File Name: nutanix_NXSA-AOS-7_3_1_2.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 12/2/2025

Updated: 12/2/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS Score Source: CVE-2025-32990

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:nutanix:aos

Required KB Items: Host/Nutanix/Data/lts, Host/Nutanix/Data/Service, Host/Nutanix/Data/Version, Host/Nutanix/Data/arch

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/2/2025

Vulnerability Publication Date: 2/11/2025

CISA Known Exploited Vulnerability Due Dates: 11/20/2025

Reference Information

CVE: CVE-2025-26465, CVE-2025-32988, CVE-2025-32990, CVE-2025-41244, CVE-2025-53905, CVE-2025-53906, CVE-2025-58060, CVE-2025-6395