Vulnerability Reportnginx:1.25.0-alpine

Name: nginx:1.25.0-alpine Security Vulnerability Report
Creator: BaseImage
Keywords: nginx:1.25.0-alpine, Docker security, vulnerability scan, CVE, container security, SBOM

DIGESTsha256:2e776a66a3556f001aba13431b26e448fe8acba277bf93d2ab1a785571a46d90

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could initiate a denial of service attack via HTTP/2 (CVE-2023-44487) or potentially achieve remote code execution by exploiting vulnerabilities in exposed components like libexpat (CVE-2024-45492). Note that libexpat-related vulnerabilities are primarily a concern if the NGINX configuration involves processing untrusted XML inputs. While an Official Docker Hub Image, the significant exposed attack surface with multiple high-severity, directly exploitable vulnerabilities warrants immediate remediation or selection of an alternative image.

Threat Score

100/100

DANGEROUS

Critical, actively exploited HTTP/2 Rapid Reset DDoS vulnerability (CVE-2023-44487, severity 9.75) directly impacts NGINX, which is expected to handle HTTP/2 traffic on port 80/tcp.
Contains multiple other high-severity vulnerabilities on the exposed surface, with 5 having severity >= 7.0, including potential remote code execution or denial of service via XML processing (CVE-2024-45492).
Despite being an Official Docker Hub Image ('Docker Official', 'TRUSTED') with over a billion pulls, the presence of severe, directly exploitable flaws makes production use highly risky.
A significant attack surface is identified, with 75 total exposed vulnerabilities, 17 of which are severity >= 6.0.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

nginx:1.25.0-alpine

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

109 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-44487	CRITICAL9.75	nghttp2-libs 1.51.0-r0 fixed in 1.51.0-r2	94.4% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2024-45492	HIGH7.84	libexpat 2.5.0-r0 fixed in 2.6.3-r0	1.2% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-6119	HIGH7.5	libcrypto3 3.0.8-r3 fixed in 3.0.15-r0	5.7% Low-Moderate Risk	Directly Exposed
CVE-2024-6197	HIGH7.5	libcurl 8.1.1-r0 fixed in 8.9.0-r0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2024-6119	HIGH7.5	libssl3 3.0.8-r3 fixed in 3.0.15-r0	5.7% Low-Moderate Risk	Directly Exposed
CVE-2024-45491	MEDIUM6.66	libexpat 2.5.0-r0 fixed in 2.6.3-r0	0.6% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2023-6129	MEDIUM6.5	libcrypto3 3.0.8-r3 fixed in 3.0.12-r2	2.5% Low-Moderate Risk	Directly Exposed
CVE-2023-6129	MEDIUM6.5	libssl3 3.0.8-r3 fixed in 3.0.12-r2	2.5% Low-Moderate Risk	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-45490	MEDIUM6.38	libexpat 2.5.0-r0 fixed in 2.6.3-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libssl3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-35945	MEDIUM6.38	nghttp2-libs 1.51.0-r0 fixed in 1.51.0-r1	0.1% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-4863	MEDIUM6	libwebp 1.2.4-r2 fixed in 1.2.4-r3	93.6% Actively Exploited	Directly Exposed
CVE-2023-52425	MEDIUM6	libexpat 2.5.0-r0 fixed in 2.6.0-r0	1.6% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-28757	MEDIUM6	libexpat 2.5.0-r0 fixed in 2.6.2-r0	1.2% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-26519	MEDIUM5.95	musl 1.2.3-r4 fixed in 1.2.3-r6	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-5535	MEDIUM5.9	libcrypto3 3.0.8-r3 fixed in 3.0.14-r0	5.2% Low-Moderate Risk	Directly Exposed
CVE-2024-5535	MEDIUM5.9	libssl3 3.0.8-r3 fixed in 3.0.14-r0	5.2% Low-Moderate Risk	Directly Exposed
CVE-2023-46218	MEDIUM5.52	libcurl 8.1.1-r0 fixed in 8.5.0-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2023-3316	MEDIUM5.52	tiff 4.4.0-r3 fixed in 4.4.0-r4	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-2650	MEDIUM5.07	libcrypto3 3.0.8-r3 fixed in 3.0.9-r0	92.0% Actively Exploited	Directly Exposed
CVE-2023-2650	MEDIUM5.07	libssl3 3.0.8-r3 fixed in 3.0.9-r0	92.0% Actively Exploited	Directly Exposed
CVE-2023-1255	MEDIUM5.02	libcrypto3 3.0.8-r3 fixed in 3.0.8-r4	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-6237	MEDIUM5.02	libcrypto3 3.0.8-r3 fixed in 3.0.12-r3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2024-50602	MEDIUM5.02	libexpat 2.5.0-r0 fixed in 2.6.4-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2023-1255	MEDIUM5.02	libssl3 3.0.8-r3 fixed in 3.0.8-r4	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-6237	MEDIUM5.02	libssl3 3.0.8-r3 fixed in 3.0.12-r3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.0.8-r3 fixed in 3.0.19-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.0.8-r3 fixed in 3.0.19-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM5	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2025-15467	MEDIUM5	libssl3 3.0.8-r3 fixed in 3.0.19-r0	0.7% Theoretical Threat	Directly Exposed
CVE-2024-4741	MEDIUM4.76	libcrypto3 3.0.8-r3 fixed in 3.0.14-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-9230	MEDIUM4.76	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-4741	MEDIUM4.76	libssl3 3.0.8-r3 fixed in 3.0.14-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-9230	MEDIUM4.76	libssl3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-0727	MEDIUM4.67	libcrypto3 3.0.8-r3 fixed in 3.0.12-r4	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-52426	MEDIUM4.67	libexpat 2.5.0-r0 fixed in 2.6.0-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-0727	MEDIUM4.67	libssl3 3.0.8-r3 fixed in 3.0.12-r4	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2379	MEDIUM4.59	libcurl 8.1.1-r0 fixed in 8.7.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2023-5363	MEDIUM4.5	libcrypto3 3.0.8-r3 fixed in 3.0.12-r0	4.7% Low-Moderate Risk	Directly Exposed
CVE-2023-5363	MEDIUM4.5	libssl3 3.0.8-r3 fixed in 3.0.12-r0	4.7% Low-Moderate Risk	Directly Exposed
CVE-2023-2975	MEDIUM4.5	libcrypto3 3.0.8-r3 fixed in 3.0.9-r2	0.2% Theoretical Threat	Directly Exposed
CVE-2023-3446	MEDIUM4.5	libcrypto3 3.0.8-r3 fixed in 3.0.9-r3	0.9% Theoretical Threat	Directly Exposed
CVE-2023-3817	MEDIUM4.5	libcrypto3 3.0.8-r3 fixed in 3.0.10-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2023-5678	MEDIUM4.5	libcrypto3 3.0.8-r3 fixed in 3.0.12-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2024-4603	MEDIUM4.5	libcrypto3 3.0.8-r3 fixed in 3.0.13-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-46219	MEDIUM4.5	libcurl 8.1.1-r0 fixed in 8.5.0-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2024-0853	MEDIUM4.5	libcurl 8.1.1-r0 fixed in 8.6.0-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2024-2004	MEDIUM4.5	libcurl 8.1.1-r0 fixed in 8.7.1-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2024-2466	MEDIUM4.5	libcurl 8.1.1-r0 fixed in 8.7.1-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2023-2975	MEDIUM4.5	libssl3 3.0.8-r3 fixed in 3.0.9-r2	0.2% Theoretical Threat	Directly Exposed
CVE-2023-3446	MEDIUM4.5	libssl3 3.0.8-r3 fixed in 3.0.9-r3	0.9% Theoretical Threat	Directly Exposed
CVE-2023-3817	MEDIUM4.5	libssl3 3.0.8-r3 fixed in 3.0.10-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2023-5678	MEDIUM4.5	libssl3 3.0.8-r3 fixed in 3.0.12-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2024-4603	MEDIUM4.5	libssl3 3.0.8-r3 fixed in 3.0.13-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-38545	MEDIUM4.06	curl 8.1.1-r0 fixed in 8.4.0-r0	26.3% High Exploitation Risk	Post-Exploit
CVE-2023-38545	MEDIUM4.06	libcurl 8.1.1-r0 fixed in 8.4.0-r0	26.3% High Exploitation Risk	Post-Exploit
CVE-2024-13176	MEDIUM4	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	libssl3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2511	LOW3.7	libcrypto3 3.0.8-r3 fixed in 3.0.12-r5	3.0% Low-Moderate Risk	Directly Exposed
CVE-2024-2511	LOW3.7	libssl3 3.0.8-r3 fixed in 3.0.12-r5	3.0% Low-Moderate Risk	Directly Exposed
CVE-2024-6874	LOW3.65	libcurl 8.1.1-r0 fixed in 8.9.0-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-26519	LOW3.57	musl-utils 1.2.3-r4 fixed in 1.2.3-r6	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-69418	LOW3.4	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW3.15	libcrypto3 3.0.8-r3 fixed in 3.0.15-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2023-38546	LOW3.15	libcurl 8.1.1-r0 fixed in 8.4.0-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW3.15	libssl3 3.0.8-r3 fixed in 3.0.15-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2023-38039	LOW3.1	curl 8.1.1-r0 fixed in 8.3.0-r0	12.3% High Exploitation Risk	Post-Exploit
CVE-2023-38039	LOW3.1	libcurl 8.1.1-r0 fixed in 8.3.0-r0	12.3% High Exploitation Risk	Post-Exploit
CVE-2023-42363	LOW2.8	busybox 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	busybox 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	busybox 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	busybox 1.35.0-r29 fixed in 1.35.0-r30	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	busybox-binsh 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	busybox-binsh 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	busybox-binsh 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	busybox-binsh 1.35.0-r29 fixed in 1.35.0-r30	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	ssl_client 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	ssl_client 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	ssl_client 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	ssl_client 1.35.0-r29 fixed in 1.35.0-r30	<0.1% Theoretical Threat	Post-Exploit
CVE-2024-2379	LOW2.75	curl 8.1.1-r0 fixed in 8.7.1-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2024-2398	LOW2.7	curl 8.1.1-r0 fixed in 8.7.1-r0	2.0% Low-Moderate Risk	Post-Exploit
CVE-2024-6197	LOW2.7	curl 8.1.1-r0 fixed in 8.9.0-r0	1.3% Low-Moderate Risk	Post-Exploit
CVE-2024-2398	LOW2.7	libcurl 8.1.1-r0 fixed in 8.7.1-r0	2.0% Low-Moderate Risk	Post-Exploit
CVE-2023-46219	LOW2.7	curl 8.1.1-r0 fixed in 8.5.0-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2024-0853	LOW2.7	curl 8.1.1-r0 fixed in 8.6.0-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2024-2004	LOW2.7	curl 8.1.1-r0 fixed in 8.7.1-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2024-2466	LOW2.7	curl 8.1.1-r0 fixed in 8.7.1-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-9232	LOW2.63	libcrypto3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW2.63	libssl3 3.0.8-r3 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-6874	LOW2.19	curl 8.1.1-r0 fixed in 8.9.0-r0	1.0% Theoretical Threat	Post-Exploit
CVE-2023-46218	LOW1.99	curl 8.1.1-r0 fixed in 8.5.0-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2023-38546	LOW1.89	curl 8.1.1-r0 fixed in 8.4.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2023-43787	NONE0	libx11 1.8.4-r0 fixed in 1.8.7-r0	<0.1% Theoretical Threat	Not Applicable
CVE-2023-29491	NONE0	ncurses-libs 6.3_p20221119-r0 fixed in 6.3_p20221119-r1	<0.1% Theoretical Threat	Not Applicable
CVE-2023-29491	NONE0	ncurses-terminfo-base 6.3_p20221119-r0 fixed in 6.3_p20221119-r1	<0.1% Theoretical Threat	Not Applicable
CVE-2023-3138	NONE0	libx11 1.8.4-r0 fixed in 1.8.4-r1	<0.1% Theoretical Threat	Not Applicable
CVE-2023-43785	NONE0	libx11 1.8.4-r0 fixed in 1.8.7-r0	0.1% Theoretical Threat	Not Applicable
CVE-2023-43786	NONE0	libx11 1.8.4-r0 fixed in 1.8.7-r0	<0.1% Theoretical Threat	Not Applicable