Detections
Analytics
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.1.1.1)
high Nessus Plugin ID 278726
Language:
Synopsis
The Nutanix AOS host is affected by multiple vulnerabilities .Description
The version of AOS installed on the remote host is prior to 7.1.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.1.1.1 advisory.- Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specially crafted request to bypass some rewrite rules. If those rewrite rules effectively enforced security constraints, those constraints could be bypassed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.5, from 10.1.0-M1 through 10.1.39, from 9.0.0.M1 through 9.0.102. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue. (CVE-2025-31651)
- Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session. (CVE-2024-47081)
- A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. (CVE-2025-6020)
- A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root.
This CVE provides a complete fix for CVE-2025-6020. (CVE-2025-8941)
- In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap- based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. (CVE-2025-32415)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.See Also
Plugin Details
Severity: High
ID: 278726
File Name: nutanix_NXSA-AOS-7_1_1_1.nasl
Version: 1.1
Type: local
Family: Misc.
Published: 12/15/2025
Updated: 12/15/2025
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2025-31651
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS v4
Risk Factor: High
Base Score: 8.9
Threat Score: 7.7
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CVSS Score Source: CVE-2025-53506
Vulnerability Information
CPE: cpe:/o:nutanix:aos
Required KB Items: Host/Nutanix/Data/lts, Host/Nutanix/Data/Service, Host/Nutanix/Data/Version, Host/Nutanix/Data/arch
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/15/2025
Vulnerability Publication Date: 4/8/2025
Reference Information
CVE: CVE-2024-47081, CVE-2025-31650, CVE-2025-31651, CVE-2025-32415, CVE-2025-46701, CVE-2025-48976, CVE-2025-48988, CVE-2025-48989, CVE-2025-49124, CVE-2025-49125, CVE-2025-52434, CVE-2025-52520, CVE-2025-53506, CVE-2025-6020, CVE-2025-8941