We are committed to the security of our customers, and wish to inform you of CVE-2025-67900, a recently published vulnerability affecting the Windows version of NXLog Agent 6.10 and older.

Technical description

The Windows version of NXLog Agent 6.10.10368 and older includes a Privilege Escalation vulnerability because it attempts to load an OpenSSL configuration file from the hardcoded and unintended directory C:\nxlog4\x64\ on startup.

This is a legacy installation directory that may not exist in clean NXLog Agent installations. Because standard Windows users can create directories under the filesystem root by default, a non-privileged attacker may create a malicious openssl.cnf file within that directory and cause the NXLog Agent process, which runs as NT AUTHORITY\SYSTEM, to load an unintended DLL and execute arbitrary code.

NXLog Agent 6.11 patches the vulnerability by removing the hardcoded path, thus eliminating the possibility of an attacker supplying an arbitrary OpenSSL configuration file and preventing unintended DLL loading.

The following timeline lists the relevant CVE events:

  • November 14, 2025: The Offensive Security Center from Deloitte France reported the vulnerability to NXLog.

  • December 2, 2025: NXLog Agent 6.11 was released including the security patch.

  • December 14, 2025: CVE-2025-67900 published in the NVD.

  • December 15, 2025: CVE record last modified.

Resolution

We strongly recommend upgrading to NXLog Agent 6.11, which addresses the vulnerability.

Mitigation workaround

If you cannot upgrade NXLog Agent immediately, consider implementing the following mitigation strategy on Windows hosts running NXLog Agent:

  1. Explicitly clear the OPENSSL_CONF environment variable to prevent loading untrusted configuration files from the filesystem. To do this, open Command Prompt as Administrator and run:

    setx OPENSSL_CONF "" /m

  2. Restart the nxlog service.

Additionally, we recommend following the instructions on Hardening NXLog Agent on Windows to configure a dedicated service account for running NXLog Agent.

Credits

We would like to thank Antoine Dubrana and Rémi Guillon Bony from Deloitte France’s Offensive Security Center for discovering and responsibly disclosing this vulnerability.

Further information

If you have any questions or require assistance, please contact our support team. Thank you for your continued trust in NXLog.

NXLog Platform is an on-premises solution for centralized log management with
versatile processing forming the backbone of security monitoring.

With our industry-leading expertise in log collection and agent management, we comprehensively
address your security log-related tasks, including collection, parsing, processing, enrichment, storage, management, and analytics.

Start free Contact us
Share
Related Posts