F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources.
When name-based virtual hosts are configured to share the same IP address and port combination, with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS session tickets are used and/or the SSL session cache is used in the default virtual server and the default virtual server is performing client certificate authentication. This issue affects both the NGINX http and NGINX stream modules.
The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Cybersecurity researchers recently revealed a coordinated cloud-based scanning attack that targeted 75 different exposure points earlier this month. On May...
Recent security research has shown that attackers can weaken zero-trust security frameworks by exploiting a key DNS vulnerability, disrupting automated...
“This vulnerability can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with limited access to sensitive information,” F5 warns in its advisory.
The CVE-2025-23419 vulnerability impacts NGINX Open Source and NGINX Plus that use OpenSSL. Systems with LibreSSL or BoringSSL are safe.
Source: my.f5.com
F5 recommends several mitigation measures, including:
Ensuring each server block has a unique IP address and port combination.
Configuring a default stub server that does not perform client authentication.
Performing authorization checks for the correct client certificate values.
Disabling TLS 1.3 as a last resort.