Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published

2025-02-05T18:15:33.347

Last Modified

2025-11-12T14:50:08.157

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-287
Type: Primary
CWE-613

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	nginx	< 1.26.3	Yes
Application	f5	nginx	< 1.27.4	Yes
Application	f5	nginx_plus	< r32	Yes
Application	f5	nginx_plus	r32	Yes
Application	f5	nginx_plus	r32	Yes
Application	f5	nginx_plus	r33	Yes
Application	f5	nginx_plus	r33	Yes
Operating System	debian	debian_linux	11.0	Yes

References

https://my.f5.com/manage/s/article/K000149173 Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2025/02/05/8 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2025/03/msg00017.html Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)