InfoSecBulletin Cybersecurity for mankind
F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources.
When name-based virtual hosts are configured to share the same IP address and port combination, with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS session tickets are used and/or the SSL session cache is used in the default virtual server and the default virtual server is performing client certificate authentication. This issue affects both the NGINX http and NGINX stream modules.
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
CISA Adds 3 Ivanti Endpoint Manager Bugs to KEV
Ransomware Attacks Set Records in February: New Data Shows
Cyber attack at Japanese telecom leader NTT hits 18,000 companies
Cyber heist: Pune losses Rs 6007 crore in cyber scam
“This vulnerability can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with limited access to sensitive information,” F5 warns in its advisory.
The CVE-2025-23419 vulnerability impacts NGINX Open Source and NGINX Plus that use OpenSSL. Systems with LibreSSL or BoringSSL are safe.
F5 recommends several mitigation measures, including:
Ensuring each server block has a unique IP address and port combination.
Configuring a default stub server that does not perform client authentication.
Performing authorization checks for the correct client certificate values.
Disabling TLS 1.3 as a last resort.
