INFEA-2025:7287: nginx:1.26 security update
Information about definition
Identificator: INFEA-2025:7287
Type: enhancement
Release date: 2025-07-25 10:22:28 UTC
Information about package
Nginx is open-source software that functions as a web server, reverse proxy, load balancer, and HTTP cache. It's known for its high performance, stability, and ability to handle a large number of concurrent connections with minimal resource usage.
Vulnerabilities description
- CVE-2025-23419
A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS session tickets are used, the SSL session cache is used in the default virtual server, and the default virtual server performs client certificate authentication.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-23419
|
no information | 4.3 | no information |
Updated packages
Preparing to download...