CVEFinder.io

CVE-2025-23419

🔶 medium
Summary

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is p

Description

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Score
4.3
Medium
EPSS Score
0.6
Exploit Probability
Published Date
2025-02-05
First Seen: 2026-01-05
Last Modified 2026-01-27
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS Vector 4.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)
CWE-863

🔗 References 3

https://my.f5.com/manage/s/article/K000149173
Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/02/05/8
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/03...
Issue Tracking Third Party Advisory

📦 Affected Products 6

Vendor Product Status Affected Versions
debian debian_linux Affected
v11.0
f5 nginx Affected
≥ 1.11.4 < 1.26.3
f5 nginx Affected
≥ 1.27.0 < 1.27.4
f5 nginx_plus Affected
≥ r28 < r32
f5 nginx_plus Affected
vr32
f5 nginx_plus Affected
vr33

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-68670 ⛔ critical 9.1 0.3 xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerabi... 2026-01-27
CVE-2026-24061 ⛔ critical 9.8 29.6 telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment ... 2026-01-21
CVE-2025-6966 🔶 medium 5.5 0.0 NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause ... 2025-12-05
CVE-2025-63498 🔶 medium 6.1 0.1 alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter. 2025-11-24
CVE-2025-64512 ⚠️ high 8.6 0.1 Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documen... 2025-11-10
CVE-2025-10921 ⚠️ high 7.8 0.1 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote a... 2025-10-29
These CVEs affect the same products