CVE-2025-23419
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Feb 5, 2025
CWE ID 287
Summary
CVE-2025-23419 is a vulnerability affecting Nginx servers when multiple server blocks share the same IP address and port. An attacker can exploit this issue by using session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets are used and SSL session caches are enabled on the default server, which performs client certificate authentication. This issue does not affect software versions that have reached End of Technical Support.