Detections
Analytics

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.0.2)

medium Nessus Plugin ID 300933

Synopsis

The Nutanix AHV host is affected by multiple vulnerabilities .

Description

The version of AHV installed on the remote host is prior to AHV-11.0.0.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.0.2 advisory.

 - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.
 (CVE-2025-5987)

 - A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow.
 The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with [f]ixed for 2.46. (CVE-2025-11083)

 - ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) (CVE-2025-61984)

 - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. (CVE-2025-61985)

 - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component alpha 257 required by the simplified PNG API. This issue has been patched in version 1.6.51. (CVE-2025-64720)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the Nutanix AHV software to the recommended version. Before upgrading: if this cluster is registered with Prism Central, ensure that Prism Central has been upgraded first to a compatible version. Refer to the Software Product Interoperability page on the Nutanix portal.

See Also

http://www.nessus.org/u?e11c098b

Plugin Details

Severity: Medium

ID: 300933

File Name: nutanix_NXSA-AHV-11_0_0_2.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 3/5/2026

Updated: 3/5/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2025-11083

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-5987

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:nutanix:ahv

Required KB Items: Host/Nutanix/Data/Node/Version, Host/Nutanix/Data/Node/Type

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/3/2026

Vulnerability Publication Date: 6/10/2025

Reference Information

CVE: CVE-2025-11083, CVE-2025-45582, CVE-2025-5987, CVE-2025-61984, CVE-2025-61985, CVE-2025-64720, CVE-2025-65018, CVE-2025-66293