PT-2025-5738 · Nginx+7

Felix Cramer (+4)

Published 2025-02-05 · Updated 2026-05-14

CVE-2025-23419

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

nginx versions 1.11.4 through 1.27.31
nginx version 1.26.3
nginx version 1.27.4

Description

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This issue arises when TLS Session Tickets and/or the SSL session cache are used in the default server and the default server is performing client certificate authentication.

Recommendations

For versions 1.11.4 through 1.27.31, update to version 1.26.3 or 1.27.4 to resolve the issue. For version 1.26.3, no further action is required as this version includes the fix. For version 1.27.4, no further action is required as this version includes the fix. As a temporary workaround, consider disabling the use of TLS Session Tickets and the SSL session cache in the default server until a patch is available.
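The temporary workaround above, shown as an added configuration example that is not part of the advisory: the default server performs client certificate authentication and has both resumption mechanisms switched off, while a second server block shares the same IP:port. Hostnames and certificate paths are placeholders.

```nginx
# Added example (not from the advisory). Two server blocks share 0.0.0.0:443;
# the default one authenticates clients with certificates, which is the
# configuration the advisory describes as affected.
server {
    listen 443 ssl default_server;
    server_name internal.example.com;                  # placeholder hostname

    ssl_certificate     /etc/nginx/tls/internal.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/internal.key;

    # Client certificate authentication on the default server.
    ssl_verify_client       on;
    ssl_client_certificate  /etc/nginx/tls/client-ca.crt;

    # Exposed settings this workaround replaces (tickets are on by default):
    #   ssl_session_tickets on;
    #   ssl_session_cache   shared:SSL:10m;
    # Workaround: disable TLS session tickets and the SSL session cache in the
    # default server until the patched version (1.26.3 / 1.27.4) is deployed.
    ssl_session_tickets off;
    ssl_session_cache   off;
}

# Another virtual host on the same IP address and port, without client
# certificate checks.
server {
    listen 443 ssl;
    server_name public.example.com;                    # placeholder hostname

    ssl_certificate     /etc/nginx/tls/public.crt;     # placeholder paths
    ssl_certificate_key /etc/nginx/tls/public.key;
}
```

Validate with `nginx -t` before reloading; the workaround costs a full handshake per new connection to the default server and should be removed once the fixed version is in place.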

Fix

Weakness Enumeration

Insufficient Session Expiration
Improper Authentication
Incorrect Authorization

Related Identifiers

ALT-PU-2025-3074
ALT-PU-2025-3080
ALT-PU-2025-3195
ALT-PU-2025-3205
AZL-56483
AZL-56492
BDU:2025-03281
BIT-NGINX-2025-23419
BIT-NGINX-GATEWAY-2025-23419
CLEANSTART-2026-AF45008
CLEANSTART-2026-BA37192
CLEANSTART-2026-MQ02912
CLEANSTART-2026-XB16901
CLEANSTART-2026-ZN32454
CLEANSTART-2026-ZT77083
CVE-2025-23419
DLA-4091-1
INFEA-2025_7287
INFSA-2025_7331
MGASA-2025-0051
OESA-2025-1134
OPENSUSE-SU-2025:14737-1
RHSA-2025:7331
RHSA-2025_7331
ROSA-SA-2025-2895
SUSE-SU-2025:03089-1
SUSE-SU-2025:03243-1
SUSE-SU-2025:03444-1
SUSE-SU-2025_03444-1
USN-7285-1
USN-7285-2

Affected Products

Alt Linux
Debian
Linuxmint
Nginx
Red Hat
Red Os
Suse
Ubuntu