CVE-2025-23419
TLS Session Resumption VulnerabilityWhen multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache are used in the default server and the default server is performing client certificate authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
We have discovered 174,929 live websites that are affected by CVE-2025-23419.
Affected Software
| Product |  Nginx |
| Category | Web Servers |
| Vulnerable Domains | 174,929 live websites (5.36% of Nginx install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 112 versions ( 50% of all versions) |
Common Weakness Enumeration
CWE-287 Improper AuthenticationDetails
- Published - Feb 5, 2025
- Updated - Nov 3, 2025
Credits
- Sven Hebrok (finder)
- Felix Cramer (finder)
- Tim Storm (finder)
- Maximilian Radoy (finder)
- Juraj Somorovsky (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-23419 United States | 51,148 websites |
 China | 20,458 websites |
 Russia | 19,511 websites |
 Germany | 14,602 websites |
 Singapore | 12,513 websites |
 France | 6,133 websites |
 New Zealand | 5,089 websites |
 Ukraine | 3,545 websites |
 Hungary | 3,542 websites |
 Italy | 3,114 websites |
Website Distribution by TLD
Number of websites using CVE-2025-23419| .com | 75,797 websites |
| .ru | 17,106 websites |
| .net | 6,542 websites |
| .de | 6,455 websites |
| .cn | 5,895 websites |
| .org | 5,491 websites |
| .it | 2,779 websites |
| .fr | 2,517 websites |
| .com.br | 2,489 websites |
| .dk | 1,562 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-23419
Top websites that are affected by CVE-2025-23419. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.******.org | United States | *** | |
| ***.**.**.com | China | *** | |
| **********.com | United States | *** | |
| ****.****.******.org | United States | *** | |
| ******.org | United States | *,*** | |
| ***.*******.com | *,*** | ||
| *********.******.org | United States | *,*** | |
| ********.****.******.org | United States | *,*** | |
| ***.****.******.org | United States | *,*** | |
| *****.****.******.org | United States | *,*** |
FAQ
CVE-2025-23419 is Improper Authentication in Nginx
A total of 174,929 websites have been identified as vulnerable to CVE-2025-23419, based on global website indexing conducted by WebTechSurvey.
The Nginx is affected by the CVE-2025-23419 vulnerability.
Nginx versions up to 1.11.4 are vulnerable to CVE-2025-23419.
CVE-2025-23419 is resolved in version 1.11.4 of Nginx.