Detections
Analytics

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.0.6)

medium Nessus Plugin ID 299670

Synopsis

The Nutanix AOS host is affected by multiple vulnerabilities .

Description

The version of AOS installed on the remote host is prior to 7.5.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.0.6 advisory.

 - A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow.
 The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with [f]ixed for 2.46. (CVE-2025-11083)

 - The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. (CVE-2024-11168)

 - CPython 3.9 and earlier doesn't disallow configuring an empty list ([]) for SSLContext.set_npn_protocols() which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due to NPN being not widely used and specifying an empty list likely being uncommon in-practice (typically a protocol name would be configured). (CVE-2024-5642)

 - A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment activation scripts (ie source venv/bin/activate). This means that attacker- controlled virtual environments are able to run commands when the virtual environment is activated.
 Virtual environments which are not created by an attacker or which aren't activated before being used (ie ./venv/bin/python) are not affected. (CVE-2024-9287)

 - The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accepted domain names that included square brackets which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers. (CVE-2025-0938)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AOS software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?7696f2b5

Plugin Details

Severity: Medium

ID: 299670

File Name: nutanix_NXSA-AOS-7_5_0_6.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 2/20/2026

Updated: 2/20/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2025-11083

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Threat Score: 2.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N

CVSS Score Source: CVE-2025-68161

Vulnerability Information

CPE: cpe:/o:nutanix:aos

Required KB Items: Host/Nutanix/Data/lts, Host/Nutanix/Data/Service, Host/Nutanix/Data/Version, Host/Nutanix/Data/arch

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/20/2026

Vulnerability Publication Date: 4/9/2024

Reference Information

CVE: CVE-2024-11168, CVE-2024-5642, CVE-2024-9287, CVE-2025-0938, CVE-2025-11083, CVE-2025-13601, CVE-2025-4138, CVE-2025-4330, CVE-2025-4435, CVE-2025-4516, CVE-2025-4517, CVE-2025-58436, CVE-2025-6069, CVE-2025-6075, CVE-2025-61915, CVE-2025-61984, CVE-2025-61985, CVE-2025-64720, CVE-2025-65018, CVE-2025-68161, CVE-2025-68615, CVE-2025-8291, CVE-2025-9086, CVE-2025-9230, CVE-2026-21925, CVE-2026-21933, CVE-2026-21945