InfoSecBulletin Cybersecurity for mankind
F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources.
When name-based virtual hosts are configured to share the same IP address and port combination, with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS session tickets are used and/or the SSL session cache is used in the default virtual server and the default virtual server is performing client certificate authentication. This issue affects both the NGINX http and NGINX stream modules.
WhatsApp to allow usernames instead of phone numbers
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem
Data breach affects 14.2 million email logins across six ISPs
Asian Two AI startups launch Mythos-like Model
Polymarket Hack Reportedly Results in $3 Million Theft
Anthropic Confirms US Infrastructure Redeployment of Claude Mythos 5
Hackers Target Cloudflare-Hosted AWS Domains to Steal Console Logins
Daily Cyber security update for 26. 06. 2026
WhatsApp to Alert Users Before Chatting With New Numbers
OpenAI unveils its first custom chip, Named Jalapeño
“This vulnerability can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with limited access to sensitive information,” F5 warns in its advisory.
The CVE-2025-23419 vulnerability impacts NGINX Open Source and NGINX Plus that use OpenSSL. Systems with LibreSSL or BoringSSL are safe.
F5 recommends several mitigation measures, including:
Ensuring each server block has a unique IP address and port combination.
Configuring a default stub server that does not perform client authentication.
Performing authorization checks for the correct client certificate values.
Disabling TLS 1.3 as a last resort.
