Sign In

CVE-2025-23419

ADVISORY - nist

Summary

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.  

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

EPSS Score: 0.00243 (0.475)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-287

Improper Authentication

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2025-23419
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-287

CVSS SCORE

5.3medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2025-23419
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2025-23419
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2025-23419
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

UPDATED

ADVISORY IDALAS2023-2025-842
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

UPDATED

ADVISORY ID

BIT-nginx-2025-23419

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.3medium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2025-7331
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium