4.3
MEDIUM
CVE-2025-23419
Nginx SSL/TLS Session Ticket Hijacking Vulnerability
Description

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

INFO

Published Date :

Feb. 5, 2025, 6:15 p.m.

Last Modified :

Feb. 5, 2025, 8:15 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

1.4

Exploitability Score :

2.8
Public PoC/Exploit Available at Github

CVE-2025-23419 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-23419 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 F5 nginx_plus
2 F5 nginx_open_source
: Total Affected Vendor : 1 | Products : 2
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-23419.

URL Resource
https://my.f5.com/manage/s/article/K000149173
http://www.openwall.com/lists/oss-security/2025/02/05/8

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
fkie-cad/nvd-json-data-feeds

Community reconstruction of the legacy JSON NVD Data Feeds. This project uses and redistributes data from the NVD API but is neither endorsed nor certified by the NVD.

Shell

Updated: 6 days, 8 hours ago
130 stars 17 fork 17 watcher
Born at : May 17, 2023, 8 a.m. This repo has been linked 53 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-23419 vulnerability anywhere in the article.

  • TheCyberThrone
TheCyberThrone Security Weekly Review – February 08, 2025

Welcome to TheCyberThrone  cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, February 08, 2025.CVE-2025-21293 PoC Exp ... Read more

Published Date: Feb 09, 2025 (2 days, 16 hours ago)
CVE-2025-23419 CVE-2025-24503 CVE-2025-21293 CVE-2024-51741 CVE-2024-46981
  • TheCyberThrone
Apache James Denial-of-Service Vulnerabilities

The Apache James Mail Server has recently been identified as vulnerable to two distinct Denial-of-Service (DoS) attacks, tracked as CVE-2024-45626 and CVE-2024-37358 These vulnerabilities pose signifi ... Read more

Published Date: Feb 08, 2025 (3 days, 16 hours ago)
CVE-2025-0994 CVE-2024-45626 CVE-2024-37358 CVE-2025-23419 CVE-2025-24503 CVE-2025-21293 CVE-2024-51741 CVE-2024-46981 CVE-2024-34055
  • TheCyberThrone
CVE-2025-24503 impacts Symantec PAM

CVE-2025-24503 is a critical security vulnerability affecting Privileged Access Manager (PAM) solutions, specifically those provided by Symantec. This vulnerability, if exploited, can have severe cons ... Read more

Published Date: Feb 08, 2025 (3 days, 22 hours ago)
CVE-2025-0994 CVE-2025-23419 CVE-2025-24503 CVE-2025-21293 CVE-2024-51741 CVE-2024-46981
  • The Cloudflare Blog
Resolving a Mutual TLS session resumption vulnerability

2025-02-075 min readOn January 23, 2025, Cloudflare was notified via its Bug Bounty Program of a vulnerability in Cloudflare’s Mutual TLS (mTLS) implementation. The vulnerability affected customers wh ... Read more

Published Date: Feb 07, 2025 (4 days, 9 hours ago)
CVE-2025-23419
  • TheCyberThrone
CVE-2025-0994 affects Trimble Cityworks

CVE-2025-0994 is a serious security vulnerability affecting Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10. This vulnerability can lead to remot ... Read more

Published Date: Feb 07, 2025 (4 days, 19 hours ago)
CVE-2025-0994 CVE-2025-23419 CVE-2025-0944 CVE-2025-21293 CVE-2024-51741 CVE-2024-46981 CVE-2024-53104
  • TheCyberThrone
CVE-2025-23419 impacts Nginx Server

CVE-2025-23419 is a security vulnerability that arises when multiple server blocks in an Nginx configuration share the same IP address and port. An attacker can exploit this vulnerability by using the ... Read more

Published Date: Feb 07, 2025 (4 days, 21 hours ago)
CVE-2025-23419 CVE-2025-21293 CVE-2024-51741 CVE-2024-46981 CVE-2024-53104

The following table lists the changes that have been made to the CVE-2025-23419 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Feb. 05, 2025

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2025/02/05/8
  • New CVE Received by [email protected]

    Feb. 05, 2025

    Action Type Old Value New Value
    Added Description When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
    Added CWE CWE-287
    Added Reference https://my.f5.com/manage/s/article/K000149173
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-23419 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-23419 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: