
F5 has issued a security advisory warning of a vulnerability in NGINX, a widely used web server. The vulnerability, tracked as CVE-2025-23419, could allow attackers to bypass client certificate authentication, potentially gaining unauthorized access to sensitive resources.
This vulnerability occurs when name-based virtual hosts share the same IP address and port while using TLS 1.3 and OpenSSL for secure communication. If TLS session tickets or the SSL session cache are enabled, an attacker who has previously authenticated can reuse the session and bypass client certificate authentication when reconnecting to affected servers.
“This vulnerability can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with limited access to sensitive information,” F5 warns in its advisory.
The CVE-2025-23419 vulnerability affects NGINX Open Source and NGINX Plus when compiled with OpenSSL. Systems using LibreSSL or BoringSSL are not affected.
| Product | Vulnerable Versions | Fixed in |
|---|---|---|
| NGINX Plus | R28 – R33 | R33 P2, R32 P2 |
| NGINX Open Source | 1.11.4 – 1.27.3 | 1.27.4, 1.26.3 |
| Other NGINX Products | Not Affected | N/A |
F5 recommends several mitigation measures, including:
- Ensuring each server block has a unique IP address and port combination.
- Configuring a default stub server that does not perform client authentication.
- Performing authorization checks for the correct client certificate values.
- Disabling TLS 1.3 as a last resort.
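As an added example (not taken from F5's advisory or the NGINX project), the following configuration contrasts the affected layout with one that applies the first three mitigations; the hostnames, addresses, certificate paths and the expected client DN are constructed placeholders.

```nginx
# Added example, not from the advisory. Hostnames, addresses, certificate
# paths and the expected client DN are constructed placeholders.
# AFFECTED LAYOUT: two name-based vhosts on the same address and port with
# TLS 1.3 and session resumption enabled, so a session resumed from
# public.example can reach restricted.example without a client certificate:
#   server { listen 443 ssl; server_name public.example; ... }
#   server { listen 443 ssl; server_name restricted.example;
#            ssl_verify_client on; ssl_client_certificate /etc/nginx/client-ca.pem; }

# Authorize on the certificate's subject, not merely on verification passing.
map $ssl_client_s_dn $client_authorized {
    default                          0;
    "CN=ops-client,O=Example Corp"   1;   # expected client DN (placeholder)
}

# Default stub server on the shared address: no client authentication and
# no content; it refuses anything that is not an explicit server_name.
server {
    listen              192.0.2.10:443 ssl default_server;
    server_name         _;
    ssl_certificate     /etc/nginx/stub.crt;
    ssl_certificate_key /etc/nginx/stub.key;
    return 444;
}

server {
    listen              192.0.2.10:443 ssl;
    server_name         public.example;
    ssl_certificate     /etc/nginx/public.crt;
    ssl_certificate_key /etc/nginx/public.key;
    root                /var/www/public;
}

# The client-authenticated host gets its own IP:port, so no session
# established against another server block can be resumed here.
server {
    listen                 192.0.2.11:443 ssl;
    server_name            restricted.example;
    ssl_certificate        /etc/nginx/restricted.crt;
    ssl_certificate_key    /etc/nginx/restricted.key;
    ssl_client_certificate /etc/nginx/client-ca.pem;
    ssl_verify_client      on;
    ssl_session_tickets    off;
    # ssl_protocols TLSv1.2;          # last resort only: disables TLS 1.3
    if ($ssl_client_verify != SUCCESS) { return 403; }
    if ($client_authorized = 0)        { return 403; }
    location / { proxy_pass http://127.0.0.1:8080; }
}
```

Validate with `nginx -t` before reloading; the `$ssl_client_verify` check rejects requests whose certificate was not verified, and the `map` additionally pins the accepted subject DN.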