Session Resumption Vulnerability in NGINX Affected by Client Certificate Authentication Bypass
CVE-2025-23419

5.3MEDIUM

Key Information:

Vendor
F5
Status
Nginx Open Source
Nginx Plus
Vendor
CVE Published:
5 February 2025

Badges

๐Ÿ“ˆ Score: 1,110๐Ÿ‘พ Exploit Exists๐Ÿ“ฐ News Worthy

What is CVE-2025-23419?

CVE-2025-23419 is a vulnerability affecting the NGINX web server, specifically related to session resumption functionality when client certificate authentication is in use. NGINX is widely utilized for its efficient handling of web traffic and secure connections. This vulnerability permits an attacker to bypass client certificate authentication when multiple server blocks sharing the same IP address and port are configured, potentially allowing unauthorized access to sensitive resources within an organization.

Technical Details

This vulnerability emerges in configurations that employ TLS session tickets and the SSL session cache within NGINX servers. When the default server is set up to require client certificate authentication, the improper handling of session resumption can lead to an attacker's ability to easily manipulate access restrictions. By leveraging this vulnerability, malicious actors can exploit the TLS protocol's features to access resources that should be protected, thereby compromising the integrity and confidentiality of the server's communications.

Potential impact of CVE-2025-23419

  1. Unauthorized Access: Attackers can exploit this vulnerability to gain unauthorized access to sensitive client data, leading to potential data breaches and exposure of confidential information.

  2. Compliance Violations: Organizations reliant on client certificate authentication may face compliance issues, particularly in regulated industries, as unauthorized access could violate data protection laws and regulations.

  3. Reputation Damage: A successful exploitation of this vulnerability may lead to significant reputational harm for organizations, as clients and partners may lose trust in the organization's ability to secure their data.

Affected Version(s)

NGINX Open Source 1.11.4

NGINX Plus R17

News Articles

favicon imageThe Cloudflare Blog

Resolving a Mutual TLS session resumption vulnerability

Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different zones improperly. Cloudflare mitigated the issue in 32 hours by disabling session resumption for mTLS...

2 weeks ago

References

https://my.f5.com/manage/s/article/K000149173
vendor-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by The Cloudflare Blog

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sven Hebrok
Felix Cramer
Tim Storm
Maximilian Radoy
Juraj Somorovsky
.