CVE-2025-23419
MEDIUMCVSS v3
4.3
MEDIUM
EPSS Score
0.6%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Technical Details
- Published
- 2/5/2025
Frequently Asked Questions
What is CVE-2025-23419?
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Is CVE-2025-23419 actively exploited?
Active exploitation of CVE-2025-23419 has not been confirmed. The EPSS score is 0.6%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-23419?
CVE-2025-23419 has a CVSS v3 base score of 4.3 (MEDIUM severity).
Is CVE-2025-23419 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.