CVE-2025-23419 Overview
CVE-2025-23419 is an authorization vulnerability in F5 NGINX and NGINX Plus affecting TLS session resumption logic. When multiple server blocks share the same IP address and port, an attacker can reuse a TLS session from one virtual server to bypass client certificate authentication requirements on another. The flaw is tracked under CWE-863: Incorrect Authorization and impacts deployments that rely on ssl_session_ticket_key or ssl_session_cache directives in the default server performing mutual TLS.
Critical Impact
Authenticated attackers with access to one virtual host can resume a TLS session against a sibling server block to access resources protected by client certificate authentication without presenting a valid client certificate.
Affected Products
- F5 NGINX (versions prior to vendor-supplied fix)
- F5 NGINX Plus R32 and R33 (including R32 P1 and R33 P1)
- Debian Linux 11 (NGINX package)
Discovery Timeline
- 2025-02-05 - CVE-2025-23419 published to NVD and disclosed via the Openwall oss-security list
- 2025-03 - Debian LTS publishes security advisory
- 2026-01-27 - Last updated in NVD database
Technical Details for CVE-2025-23419
Vulnerability Analysis
The vulnerability resides in how NGINX handles TLS session resumption across virtual servers that share a single listening socket. When several server {} blocks listen on the same IP and port, NGINX maintains a shared TLS session cache and shared session ticket keys at the default server level. If the default server enforces client certificate authentication using ssl_verify_client, an attacker can establish a session with a less restrictive virtual host on the same socket and obtain a valid session ticket. The attacker then resumes that session while sending a Server Name Indication (SNI) targeting the protected virtual host, bypassing the mutual TLS check during abbreviated handshakes.
Root Cause
The root cause is improper scoping of TLS session state. Session tickets and the SSL session cache are bound to the default server context rather than to each virtual host's authentication policy. As a result, resumption skips full handshake validation, including the client certificate request, even when the resumed connection targets a server block requiring mTLS.
Attack Vector
Exploitation requires network access to the NGINX listener and the ability to complete a TLS handshake with any virtual server sharing the listening socket. The attacker first negotiates a full TLS handshake with a permissive server {} block to receive a session ticket or cache entry. The attacker then initiates a new connection with the same ticket while presenting an SNI value that routes to the protected virtual host. NGINX resumes the prior session and grants access without revalidating the client certificate. No prior credentials beyond network reachability are required.
Detection Methods for CVE-2025-23419
Indicators of Compromise
- TLS connections to mTLS-protected virtual hosts that complete without a Certificate message from the client during the handshake.
- Access log entries on protected server {} blocks where $ssl_client_s_dn is empty or $ssl_client_verify is not SUCCESS.
- Repeated session resumptions from a single client IP that span multiple SNI hostnames on the same listener.
Detection Strategies
- Log the ssl_verify_client outcome and audit handshakes where $ssl_session_reused is r (session reused) on requests targeting protected hosts.
- Correlate TLS handshake telemetry with HTTP virtual host routing to identify SNI mismatches between session establishment and resumption.
- Inspect packet captures for ClientHello messages reusing session tickets across distinct SNI values on shared listeners.
Monitoring Recommendations
- Forward NGINX access and error logs containing TLS variables ($ssl_session_reused, $ssl_client_verify, $ssl_server_name) to a centralized analytics platform.
- Alert on requests to mTLS-protected endpoints where $ssl_client_verify is not SUCCESS.
- Track patch state for NGINX and NGINX Plus binaries across the fleet and flag instances still running vulnerable releases.
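The two detection rules above (a protected host reached with $ssl_client_verify other than SUCCESS, and resumed sessions spanning more than one SNI name from one client) can be run over NGINX access logs. The following script is an added example, not part of the advisory or of NGINX itself. It assumes a custom log_format that records $ssl_server_name, $ssl_session_reused and $ssl_client_verify (shown in the comment), and it uses constructed sample log lines and a hypothetical protected host name secure.example.com.

```python
import re
from dataclasses import dataclass

# Assumed log_format (hypothetical, not from the advisory). Fields are space
# separated; $ssl_client_verify is quoted because FAILED reasons contain spaces:
#   log_format tls '$remote_addr $ssl_server_name $ssl_session_reused '
#                  '"$ssl_client_verify" "$request" $status';
LINE_RE = re.compile(
    r'^(?P<addr>\S+) (?P<sni>\S+) (?P<reused>\S+) "(?P<verify>[^"]*)" '
    r'"(?P<request>[^"]*)" (?P<status>\d{3})$'
)

# Virtual hosts that enforce ssl_verify_client on (hypothetical name).
PROTECTED_HOSTS = {"secure.example.com"}

# Constructed sample access log: client 203.0.113.10 completes a full
# handshake ($ssl_session_reused = ".") against the permissive host, then
# resumes ("r") against the protected host without a verified certificate.
SAMPLE_LOG = [
    '203.0.113.10 public.example.com . "NONE" "GET / HTTP/1.1" 200',
    '203.0.113.10 secure.example.com r "NONE" "GET /admin HTTP/1.1" 200',
    '198.51.100.7 secure.example.com . "SUCCESS" "GET /admin HTTP/1.1" 200',
    '198.51.100.7 secure.example.com r "SUCCESS" "GET /admin HTTP/1.1" 200',
    '203.0.113.10 public.example.com r "NONE" "GET /news HTTP/1.1" 200',
]


@dataclass
class Alert:
    rule: str
    addr: str
    sni: str
    request: str


def parse_line(line):
    """Split one access-log line into its fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(lines, protected_hosts):
    """Run both checks over the log and return alerts in log order.

    mtls-bypass-candidate: a request reached a protected host although
        $ssl_client_verify is not SUCCESS.
    cross-host-resumption: a resumed session hit a protected host while the
        same client's full handshakes were only seen on other SNI names.
    """
    alerts = []
    full_handshake_snis = {}  # client address -> SNI names seen with a full handshake
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        addr, sni, reused, verify = rec["addr"], rec["sni"], rec["reused"], rec["verify"]
        if reused == ".":
            full_handshake_snis.setdefault(addr, set()).add(sni)
        if sni not in protected_hosts:
            continue
        if verify != "SUCCESS":
            alerts.append(Alert("mtls-bypass-candidate", addr, sni, rec["request"]))
        if reused == "r":
            seen = full_handshake_snis.get(addr, set())
            if seen and sni not in seen:
                alerts.append(Alert("cross-host-resumption", addr, sni, rec["request"]))
    return alerts


def run_demo():
    """Evaluate the constructed sample log against the protected host set."""
    return detect(SAMPLE_LOG, PROTECTED_HOSTS)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a.rule}: {a.addr} -> {a.sni} {a.request}")
```

The second rule is a heuristic: access logs do not record which cached session a resumption used, so a resumed request on a protected host from a client whose only full handshakes were against other names on the same listener is flagged for review rather than treated as proof of exploitation.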
How to Mitigate CVE-2025-23419
Immediate Actions Required
- Upgrade NGINX Plus to a release later than R33 P1 or apply the fix referenced in F5 advisory K000149173.
- For Debian 11, install the patched nginx package distributed via the Debian LTS advisory.
- Audit configurations for server {} blocks that share an IP and port with a default server enforcing ssl_verify_client.
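The configuration audit in the last item, and the workaround check that session tickets and the session cache are off on every block sharing the socket, can be scripted. The following is an added example and not an F5 or NGINX tool. It parses a simplified subset of nginx.conf (directives, blocks, comments; no include or variable handling), runs over a constructed configuration with hypothetical host names, and generalizes the advisory's case slightly by flagging any shared listener that mixes ssl_verify_client on and off, not only one where the default server enforces it.

```python
import re

# Constructed nginx configuration (hypothetical hosts). The first two server
# blocks share *:443: the default one has no client certificate check, the
# second enforces mTLS. The third sits on its own IP:port and is not affected.
SAMPLE_CONFIG = """
http {
    server {
        listen 443 ssl default_server;
        server_name public.example.com;
    }
    server {
        listen 443 ssl;
        server_name secure.example.com;
        ssl_client_certificate /etc/nginx/certs/ca.crt;
        ssl_verify_client on;   # shares TLS session state with the block above
    }
    server {
        listen 10.0.0.5:8443 ssl;  # dedicated listener, no finding expected
        server_name intranet.example.com;
        ssl_verify_client on;
    }
}
"""


def tokenize(text):
    """Minimal nginx tokenizer: drops comments, splits on braces, ';' and whitespace."""
    text = re.sub(r"#.*", "", text)
    return re.findall(r"\{|\}|;|[^\s{};]+", text)


def parse_block(tokens, i=0):
    """Parse tokens into (directive, args, children) tuples until a closing brace."""
    items = []
    while i < len(tokens):
        if tokens[i] == "}":
            return items, i + 1
        args = []
        while tokens[i] not in ("{", ";"):
            args.append(tokens[i])
            i += 1
        if tokens[i] == "{":
            children, i = parse_block(tokens, i + 1)
            items.append((args[0], args[1:], children))
        else:
            items.append((args[0], args[1:], None))
            i += 1
    return items, i


def iter_servers(items):
    """Yield the directive list of every server {} block at any nesting depth."""
    for name, _args, children in items:
        if children is None:
            continue
        if name == "server":
            yield children
        else:
            yield from iter_servers(children)


def normalize_listen(addr):
    """Map '443', '*:443' and '0.0.0.0:443' to one key (IPv4 forms only)."""
    return f"*:{addr}" if ":" not in addr else addr.replace("0.0.0.0:", "*:")


def describe_server(directives):
    """Collect the directives relevant to this issue; defaults are nginx's."""
    info = {"names": [], "listen": [], "verify": "off", "tickets": "on", "cache": "none"}
    for name, args, _ in directives:
        if name == "listen":
            info["listen"].append(normalize_listen(args[0]))
        elif name == "server_name":
            info["names"] = args
        elif name in ("ssl_verify_client", "ssl_session_tickets", "ssl_session_cache"):
            info[{"ssl_verify_client": "verify", "ssl_session_tickets": "tickets",
                  "ssl_session_cache": "cache"}[name]] = args[0]
    return info


def audit(config_text):
    """Return one finding per listener that mixes mTLS and non-mTLS server blocks."""
    items, _ = parse_block(tokenize(config_text))
    by_listener = {}
    for srv in iter_servers(items):
        info = describe_server(srv)
        for addr in info["listen"]:
            by_listener.setdefault(addr, []).append(info)
    findings = []
    for addr, servers in sorted(by_listener.items()):
        protected = [s for s in servers if s["verify"] != "off"]
        permissive = [s for s in servers if s["verify"] == "off"]
        if not (protected and permissive):
            continue
        # Workaround from the advisory: tickets off and cache off on every block.
        resumption_off = all(s["tickets"] == "off" and s["cache"] == "off" for s in servers)
        findings.append({
            "listener": addr,
            "protected": sorted(n for s in protected for n in s["names"]),
            "permissive": sorted(n for s in permissive for n in s["names"]),
            "resumption_disabled": resumption_off,
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f)
```

Run it against the output of nginx -T rather than a single file so that included vhost files are covered; a listener that appears in a finding with resumption_disabled False is one where the workaround has not yet been applied and the protected hosts still share session state with permissive ones.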
Patch Information
F5 published remediation guidance in Support Article K000149173. Debian LTS shipped fixed NGINX packages for Debian 11 in March 2025. Software versions that have reached End of Technical Support are not evaluated and should be replaced with supported releases.
Workarounds
- Disable TLS session resumption on affected listeners by setting ssl_session_tickets off; and ssl_session_cache off; until patches are applied.
- Move mTLS-protected virtual hosts to a dedicated IP and port so they do not share session state with other server {} blocks.
- Enforce ssl_verify_client consistently across every virtual host that shares a listening socket with the protected default server.
# Configuration example: disable shared TLS session resumption on the listener
server {
    listen 443 ssl;
    server_name secure.example.com;
    ssl_certificate /etc/nginx/certs/server.crt;
    ssl_certificate_key /etc/nginx/certs/server.key;
    ssl_client_certificate /etc/nginx/certs/ca.crt;
    ssl_verify_client on;
    ssl_session_tickets off;
    ssl_session_cache off;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.