CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://my.f5.com/manage/s/article/K000149173
http://www.openwall.com/lists/oss-security/2025/02/05/8
https://lists.debian.org/debian-lts-announce/2025/03/msg00017.html

Configurations

No configuration.

History

03 Nov 2025, 21:19

Type	Values Removed	Values Added
Summary		(es) Cuando se configuran varios bloques de servidores para compartir la misma dirección IP y puerto, un atacante puede usar la reanudación de sesión para eludir los requisitos de autenticación de certificados de cliente en estos servidores. Esta vulnerabilidad surge cuando se utilizan tickets de sesión TLS https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key y/o se utiliza la caché de sesión SSL https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache en el servidor predeterminado y este está realizando la autenticación de certificados de cliente. Nota: Las versiones de software que han llegado al final del soporte técnico (EoTS) no se evalúan.
References		() https://lists.debian.org/debian-lts-announce/2025/03/msg00017.html -

05 Feb 2025, 20:15

Type	Values Removed	Values Added
References		() http://www.openwall.com/lists/oss-security/2025/02/05/8 -

05 Feb 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-05 18:15

Updated : 2025-11-03 21:19

NVD link : CVE-2025-23419

Mitre link : CVE-2025-23419

CVE.ORG link : CVE-2025-23419

JSON object : View

Products Affected

No product.

CWE

CWE-287

Improper Authentication

4.3 /10