CVE-2025-23419

MEDIUM

CVSS v3

4.3

MEDIUM

EPSS Score

0.6%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Technical Details

Published
2/5/2025

Frequently Asked Questions

What is CVE-2025-23419?

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Is CVE-2025-23419 actively exploited?

Active exploitation of CVE-2025-23419 has not been confirmed. The EPSS score is 0.6%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-23419?

CVE-2025-23419 has a CVSS v3 base score of 4.3 (MEDIUM severity).

Is CVE-2025-23419 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.