CVE-2024-24989 is a high-severity vulnerability affecting F5's NGINX Plus and NGINX Open Source (OSS) when configured to utilize the HTTP/3 QUIC module. This vulnerability allows undisclosed requests to cause NGINX worker processes to terminate unexpectedly. Given that the HTTP/3 QUIC module is not enabled by default and is considered experimental, it is crucial for organizations using NGINX to be aware of this issue and its implications.
The CVSS score for this vulnerability is 7.5, indicating a high level of severity. This score is a reflection of the potential impact on availability, as the vulnerability can lead to service disruptions. Organizations that rely on NGINX for their web services should assess their configurations and take necessary actions to mitigate this risk.
Currently, there is no known exploit for this vulnerability, but the high exploitability rating suggests that attackers may seek to take advantage of it. Organizations should prioritize patching this vulnerability to maintain service stability. The urgency for remediation is high, and organizations should address it in their patch cycle.
In conclusion, CVE-2024-24989 poses a significant risk to organizations using F5's NGINX Plus and NGINX OSS with the HTTP/3 QUIC module configured. Organizations should prioritize patching immediately to avoid potential service interruptions.
Vulnerability Details
This vulnerability allows NGINX worker processes to terminate unexpectedly when the HTTP/3 QUIC module is configured. The CVSS score of 7.5 reflects the high severity of the issue. The affected products are NGINX Open Source and NGINX Plus, specifically versions 1.25.3 and R31, respectively. The vulnerability was published on February 14, 2024.
Technical Analysis
The root cause of this vulnerability stems from the handling of undisclosed requests by NGINX when the HTTP/3 QUIC module is enabled. The attack vector is network-based, and the complexity is low, requiring no special privileges or user interaction. The impact on availability is high, as it can lead to service outages.
Risk & Impact Analysis
Risk to organizations includes potential service disruptions due to unexpected terminations of NGINX worker processes. The vulnerability has a significant blast radius, particularly for organizations that rely heavily on NGINX for their web services. Organizations should assess their deployment configurations and prioritize remediation efforts to mitigate this risk.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected versions of NGINX include NGINX Open Source version 1.25.3 and NGINX Plus version R31. All versions prior to the respective vendor patch are vulnerable.
Mitigation & Remediation
Organizations should immediately apply patches provided by F5 to mitigate this vulnerability. For NGINX users, consider disabling the HTTP/3 QUIC module if it is not needed. Regularly monitor configurations and conduct security assessments to ensure compliance with best practices. Organizations can validate remediation through penetration testing to identify similar weaknesses.
Detection Guidance
Monitor NGINX logs for unusual termination messages from worker processes. Additionally, observe behavioral anomalies when HTTP/3 QUIC is enabled. Establish network signatures that can detect potential exploit attempts, and maintain a record of system changes to identify any unauthorized modifications.
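The two checks described under Mitigation & Remediation and Detection Guidance can be combined in a short triage script: it reports whether any `listen` directive enables QUIC and whether the error log shows bursts of signal-terminated workers. This is an added example, not F5 or AppSecure code; the sample config, log lines, function names and the threshold of three exits per minute are constructed assumptions.

```python
import re
from collections import Counter

# nginx's master process logs an abnormal worker exit at [alert] level.
WORKER_EXIT = re.compile(
    r"^(?P<minute>\d{4}/\d{2}/\d{2} \d{2}:\d{2}):\d{2} \[alert\] \d+#\d+: "
    r"worker process (?P<pid>\d+) exited on signal (?P<sig>\d+)"
)
# A "listen" directive carrying the "quic" parameter enables HTTP/3 on that socket.
QUIC_LISTEN = re.compile(r"^[ \t]*listen\s+[^;#]*\bquic\b[^;]*;", re.MULTILINE)

# Constructed sample config (assumption, not from the page).
SAMPLE_CONF = """\
server {
    listen 443 ssl;
    listen 443 quic reuseport;
    # listen 8443 quic;
    http3 on;
}
"""
# Constructed error-log lines; PIDs, times and the signal number are illustrative.
SAMPLE_LOG = [
    "2024/02/20 10:15:01 [alert] 1200#1200: worker process 1301 exited on signal 11 (core dumped)",
    "2024/02/20 10:15:07 [alert] 1200#1200: worker process 1302 exited on signal 11 (core dumped)",
    "2024/02/20 10:15:40 [alert] 1200#1200: worker process 1305 exited on signal 11",
    "2024/02/20 10:16:02 [notice] 1200#1200: signal 17 (SIGCHLD) received from 1305",
    "2024/02/20 10:42:19 [alert] 1200#1200: worker process 1310 exited on signal 11",
]

def quic_listeners(conf_text):
    """Return active listen directives that enable QUIC (commented lines are skipped)."""
    return [m.group(0).strip() for m in QUIC_LISTEN.finditer(conf_text)]

def crash_bursts(log_lines, threshold=3):
    """Count signal-terminated workers per minute; keep minutes at or above threshold."""
    per_minute = Counter()
    for line in log_lines:
        m = WORKER_EXIT.match(line)
        if m:
            per_minute[m.group("minute")] += 1
    return {minute: n for minute, n in per_minute.items() if n >= threshold}

def triage(conf_text, log_lines):
    """Flag hosts where QUIC is enabled and workers are crashing in bursts."""
    listeners, bursts = quic_listeners(conf_text), crash_bursts(log_lines)
    return {"listeners": listeners, "bursts": bursts,
            "investigate": bool(listeners and bursts)}

if __name__ == "__main__":
    print(triage(SAMPLE_CONF, SAMPLE_LOG))
```

Worker exits on a signal have many causes, so a hit here is a prompt to check the installed version against the vendor fix, not proof of an exploit attempt.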
AppSecure Threat Intelligence Insight
This vulnerability highlights the importance of thorough testing when implementing experimental features in production environments. Organizations should adopt a proactive approach to security by integrating continuous security testing into their deployment processes. For further guidance on improving security posture, organizations can refer to penetration testing methodology, which details best practices for identifying vulnerabilities.
Additionally, organizations may benefit from understanding the trends in vulnerability management to enhance their security frameworks.
Finally, organizations should consider engaging in red teaming exercises to better understand potential attack vectors and improve their defenses.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
