Vulnerability Reportnginx:1.25.1-alpine

Name: nginx:1.25.1-alpine Security Vulnerability Report
Creator: BaseImage
Keywords: nginx:1.25.1-alpine, Docker security, vulnerability scan, CVE, container security, SBOM

DIGESTsha256:647c5c83418c19eef0cddc647b9899326e3081576390c4c7baa4fce545123b6c

Executive Summary

DANGEROUS

This image poses a critical security risk and must not be used in production, especially as an internet-facing service. An attacker could exploit the critical CVE-2023-44487, an actively exploited HTTP/2 Rapid Reset vulnerability, to launch a denial of service attack that consumes server resources and renders the Nginx service unavailable. Other high-severity issues, such as CVE-2023-38545, are also present, though CVE-2023-38545 specifically requires the curl library to be explicitly configured for a SOCKS5 proxy to be exploitable. Despite being an official and trusted Docker Hub image, the presence of such severe and exploitable vulnerabilities makes it unsuitable for immediate production deployment.

Threat Score

90/100

DANGEROUS

A critical, actively exploited HTTP/2 DDoS vulnerability (CVE-2023-44487) with a severity of 9.75 and high contextual importance is present in the exposed surface.
Multiple other high-severity vulnerabilities are exposed, including CVE-2023-38545 (8.0) and CVE-2024-6197 (7.5).
The image contains 62 total exposed vulnerabilities, with 3 rated 7.0 or higher, and a maximum severity of 9.75.
The image is an Official Docker Hub image, trusted, and its immutability is ensured by being pinned by digest.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

nginx:1.25.1-alpine

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

94 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2023-44487	CRITICAL9.75	nghttp2-libs 1.51.0-r1 fixed in 1.51.0-r2	94.4% Actively Exploited	Directly ExposedContext importance: HIGH
CVE-2023-38545	HIGH8	libcurl 8.2.1-r0 fixed in 8.4.0-r0	26.3% High Exploitation Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-6197	HIGH7.5	libcurl 8.2.1-r0 fixed in 8.9.0-r0	1.3% Low-Moderate Risk	Directly Exposed
CVE-2023-38039	MEDIUM6.9	libcurl 8.2.1-r0 fixed in 8.3.0-r0	12.3% High Exploitation Risk	Directly ExposedContext importance: MEDIUM
CVE-2023-6129	MEDIUM6.5	libcrypto3 3.0.10-r0 fixed in 3.0.12-r2	2.5% Low-Moderate Risk	Directly Exposed
CVE-2023-6129	MEDIUM6.5	libssl3 3.0.10-r0 fixed in 3.0.12-r2	2.5% Low-Moderate Risk	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-45490	MEDIUM6.38	libexpat 2.5.0-r0 fixed in 2.6.3-r0	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69421	MEDIUM6.38	libssl3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69419	MEDIUM6.29	libssl3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-6119	MEDIUM6	libcrypto3 3.0.10-r0 fixed in 3.0.15-r0	5.7% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-2398	MEDIUM6	libcurl 8.2.1-r0 fixed in 8.7.1-r0	2.0% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2024-6119	MEDIUM6	libssl3 3.0.10-r0 fixed in 3.0.15-r0	5.7% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2025-26519	MEDIUM5.95	musl 1.2.3-r5 fixed in 1.2.3-r6	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-26519	MEDIUM5.95	musl-utils 1.2.3-r5 fixed in 1.2.3-r6	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-5535	MEDIUM5.9	libcrypto3 3.0.10-r0 fixed in 3.0.14-r0	5.2% Low-Moderate Risk	Directly Exposed
CVE-2024-5535	MEDIUM5.9	libssl3 3.0.10-r0 fixed in 3.0.14-r0	5.2% Low-Moderate Risk	Directly Exposed
CVE-2024-45492	MEDIUM5.88	libexpat 2.5.0-r0 fixed in 2.6.3-r0	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-46218	MEDIUM5.52	libcurl 8.2.1-r0 fixed in 8.5.0-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2023-6237	MEDIUM5.02	libcrypto3 3.0.10-r0 fixed in 3.0.12-r3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2024-50602	MEDIUM5.02	libexpat 2.5.0-r0 fixed in 2.6.4-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2023-6237	MEDIUM5.02	libssl3 3.0.10-r0 fixed in 3.0.12-r3	0.5% Theoretical Threat	Directly Exposed
CVE-2025-69420	MEDIUM5.02	libssl3 3.0.10-r0 fixed in 3.0.19-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2026-22796	MEDIUM5.02	libssl3 3.0.10-r0 fixed in 3.0.19-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2024-45491	MEDIUM5	libexpat 2.5.0-r0 fixed in 2.6.3-r0	0.6% Theoretical Threat	Directly Exposed
CVE-2024-4741	MEDIUM4.76	libcrypto3 3.0.10-r0 fixed in 3.0.14-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-9230	MEDIUM4.76	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-4741	MEDIUM4.76	libssl3 3.0.10-r0 fixed in 3.0.14-r0	0.4% Theoretical Threat	Directly Exposed
CVE-2025-9230	MEDIUM4.76	libssl3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-0727	MEDIUM4.67	libcrypto3 3.0.10-r0 fixed in 3.0.12-r4	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-52426	MEDIUM4.67	libexpat 2.5.0-r0 fixed in 2.6.0-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-0727	MEDIUM4.67	libssl3 3.0.10-r0 fixed in 3.0.12-r4	0.2% Theoretical Threat	Directly Exposed
CVE-2026-22795	MEDIUM4.67	libssl3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2379	MEDIUM4.59	libcurl 8.2.1-r0 fixed in 8.7.1-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2023-52425	MEDIUM4.5	libexpat 2.5.0-r0 fixed in 2.6.0-r0	1.6% Low-Moderate Risk	Directly Exposed
CVE-2024-28757	MEDIUM4.5	libexpat 2.5.0-r0 fixed in 2.6.2-r0	1.2% Low-Moderate Risk	Directly Exposed
CVE-2023-5678	MEDIUM4.5	libcrypto3 3.0.10-r0 fixed in 3.0.12-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2024-4603	MEDIUM4.5	libcrypto3 3.0.10-r0 fixed in 3.0.13-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-46219	MEDIUM4.5	libcurl 8.2.1-r0 fixed in 8.5.0-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2024-0853	MEDIUM4.5	libcurl 8.2.1-r0 fixed in 8.6.0-r0	0.2% Theoretical Threat	Directly Exposed
CVE-2024-2004	MEDIUM4.5	libcurl 8.2.1-r0 fixed in 8.7.1-r0	0.8% Theoretical Threat	Directly Exposed
CVE-2024-2466	MEDIUM4.5	libcurl 8.2.1-r0 fixed in 8.7.1-r0	0.1% Theoretical Threat	Directly Exposed
CVE-2023-5678	MEDIUM4.5	libssl3 3.0.10-r0 fixed in 3.0.12-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2024-4603	MEDIUM4.5	libssl3 3.0.10-r0 fixed in 3.0.13-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-4863	MEDIUM4.12	libwebp 1.2.4-r2 fixed in 1.2.4-r3	93.6% Actively Exploited	Post-Exploit
CVE-2023-38545	MEDIUM4.06	curl 8.2.1-r0 fixed in 8.4.0-r0	26.3% High Exploitation Risk	Post-Exploit
CVE-2024-13176	MEDIUM4	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-13176	MEDIUM4	libssl3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-68160	MEDIUM4	libssl3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2511	LOW3.7	libcrypto3 3.0.10-r0 fixed in 3.0.12-r5	3.0% Low-Moderate Risk	Directly Exposed
CVE-2024-2511	LOW3.7	libssl3 3.0.10-r0 fixed in 3.0.12-r5	3.0% Low-Moderate Risk	Directly Exposed
CVE-2024-6874	LOW3.65	libcurl 8.2.1-r0 fixed in 8.9.0-r0	1.0% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-69418	LOW3.4	libssl3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW3.15	libcrypto3 3.0.10-r0 fixed in 3.0.15-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2023-38546	LOW3.15	libcurl 8.2.1-r0 fixed in 8.4.0-r0	0.3% Theoretical Threat	Directly Exposed
CVE-2024-9143	LOW3.15	libssl3 3.0.10-r0 fixed in 3.0.15-r1	0.6% Theoretical Threat	Directly Exposed
CVE-2023-38039	LOW3.1	curl 8.2.1-r0 fixed in 8.3.0-r0	12.3% High Exploitation Risk	Post-Exploit
CVE-2025-15467	LOW3	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2025-15467	LOW3	libssl3 3.0.10-r0 fixed in 3.0.19-r0	0.7% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	busybox 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	busybox 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	busybox 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	busybox 1.35.0-r29 fixed in 1.35.0-r30	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	busybox-binsh 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	busybox-binsh 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	busybox-binsh 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	busybox-binsh 1.35.0-r29 fixed in 1.35.0-r30	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42363	LOW2.8	ssl_client 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42364	LOW2.8	ssl_client 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42365	LOW2.8	ssl_client 1.35.0-r29 fixed in 1.35.0-r31	<0.1% Theoretical Threat	Post-Exploit
CVE-2023-42366	LOW2.8	ssl_client 1.35.0-r29 fixed in 1.35.0-r30	<0.1% Theoretical Threat	Post-Exploit
CVE-2024-2379	LOW2.75	curl 8.2.1-r0 fixed in 8.7.1-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2024-2398	LOW2.7	curl 8.2.1-r0 fixed in 8.7.1-r0	2.0% Low-Moderate Risk	Post-Exploit
CVE-2024-6197	LOW2.7	curl 8.2.1-r0 fixed in 8.9.0-r0	1.3% Low-Moderate Risk	Post-Exploit
CVE-2023-5363	LOW2.7	libcrypto3 3.0.10-r0 fixed in 3.0.12-r0	4.7% Low-Moderate Risk	Post-Exploit
CVE-2023-5363	LOW2.7	libssl3 3.0.10-r0 fixed in 3.0.12-r0	4.7% Low-Moderate Risk	Post-Exploit
CVE-2023-46219	LOW2.7	curl 8.2.1-r0 fixed in 8.5.0-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2024-0853	LOW2.7	curl 8.2.1-r0 fixed in 8.6.0-r0	0.2% Theoretical Threat	Post-Exploit
CVE-2024-2004	LOW2.7	curl 8.2.1-r0 fixed in 8.7.1-r0	0.8% Theoretical Threat	Post-Exploit
CVE-2024-2466	LOW2.7	curl 8.2.1-r0 fixed in 8.7.1-r0	0.1% Theoretical Threat	Post-Exploit
CVE-2025-9232	LOW2.63	libcrypto3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-9232	LOW2.63	libssl3 3.0.10-r0 fixed in 3.0.19-r0	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-6874	LOW2.19	curl 8.2.1-r0 fixed in 8.9.0-r0	1.0% Theoretical Threat	Post-Exploit
CVE-2023-46218	LOW1.99	curl 8.2.1-r0 fixed in 8.5.0-r0	0.4% Theoretical Threat	Post-Exploit
CVE-2023-38546	LOW1.89	curl 8.2.1-r0 fixed in 8.4.0-r0	0.3% Theoretical Threat	Post-Exploit
CVE-2023-43787	NONE0	libx11 1.8.4-r1 fixed in 1.8.7-r0	<0.1% Theoretical Threat	Not Applicable
CVE-2023-43785	NONE0	libx11 1.8.4-r1 fixed in 1.8.7-r0	0.1% Theoretical Threat	Not Applicable
CVE-2023-43786	NONE0	libx11 1.8.4-r1 fixed in 1.8.7-r0	<0.1% Theoretical Threat	Not Applicable