The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - When passing data to the b64decode(), standard_b64decode(), and urlsafe_b64decode() functions in the     base64 module the characters +/ will always be accepted, regardless of the value of altchars     parameter, typically used to establish an alternative base64 alphabet such as the URL safe alphabet.
    This behavior matches what is recommended in earlier base64 RFCs, but newer RFCs now recommend either     dropping characters outside the specified base64 alphabet or raising an error. The old behavior has the     possibility of causing data integrity issues. This behavior can only be insecure if your application uses     an alternate base64 alphabet (without +/). If your application does not use the altchars parameter or     the urlsafe_b64decode() function, then your application does not use an alternative base64 alphabet. The     attached patches DOES NOT make the base64-decode behavior raise an error, as this would be a change in     behavior and break existing programs. Instead, the patch deprecates the behavior which will be replaced     with the newly recommended behavior in a future version of Python. Users are recommended to mitigate by     verifying user-controlled inputs match the base64 alphabet they are expecting or verify that their     application would not be affected if the b64decode() functions accepted + or / outside of altchars.
    (CVE-2025-12781)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2025-12781

medium Nessus Plugin ID 295336

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Feb 3, 2026, 2:33 PM CVSS metrics ("CVSSv2 score" set to 5.0) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N") CVSS metrics ("CVSSv3 score" set to 5.3) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N") CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:P") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:U/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:U/RC:C") CVSSv3 severity (based on None, severity decreased from "High" to "Medium") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202602031433
Version 1.2 Jan 31, 2026, 11:07 AM Detection (updated detection logic) Plugin metadata Plugin Feed: 202601311107
Version 1.1 Jan 23, 2026, 7:02 AM New Plugin Feed: 202601230702