InfoSecBulletin Cybersecurity for mankind
F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources.
When name-based virtual hosts are configured to share the same IP address and port combination, with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS session tickets are used and/or the SSL session cache is used in the default virtual server and the default virtual server is performing client certificate authentication. This issue affects both the NGINX http and NGINX stream modules.
OPA Gatekeeper Bypass Unveils Risks in Kubernetes Policy Engines
(CVE-2025-23419)
F5 Warns of TLS Session Resumption Vulnerability in NGINX
Ransomware payments statistics for 2024, a drop of 35%
CISA Adds 4 Actively Exploited Vuls to KEV Catalog
AMD Patches CPU Vulnerability
Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts
Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104
CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability
Daily Security Update Dated:4.02.2025
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023
“This vulnerability can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with limited access to sensitive information,” F5 warns in its advisory.
The CVE-2025-23419 vulnerability impacts NGINX Open Source and NGINX Plus that use OpenSSL. Systems with LibreSSL or BoringSSL are safe.
F5 recommends several mitigation measures, including:
Ensuring each server block has a unique IP address and port combination.
Configuring a default stub server that does not perform client authentication.
Performing authorization checks for the correct client certificate values.
Disabling TLS 1.3 as a last resort.
