
NGINX TLS Session Ticket Key Reuse Allows Client Certificate Authentication Bypass

What Is Happening

CVE-2025-23419 is a vulnerability in F5 NGINX that allows attackers to bypass client certificate authentication when TLS session tickets are enabled across multiple virtual servers. The flaw occurs because NGINX reuses session ticket keys across server blocks that share the same memory zone, enabling an attacker who authenticates to one virtual server to reuse that session ticket to access a different virtual server that requires a different or stricter client certificate.

This vulnerability affects organizations using mutual TLS (mTLS) authentication to protect sensitive endpoints. In practice, an attacker with a valid certificate for a low-privilege virtual server can hijack TLS session resumption to gain access to a high-privilege virtual server without presenting the required certificate. This breaks the assumed isolation between virtual servers that rely on distinct certificate validation policies.

The vulnerability was disclosed by F5 in February 2025. While there is no current evidence of active exploitation or inclusion in CISA's Known Exploited Vulnerabilities catalog, organizations using NGINX for client certificate authentication in multi-tenant or segmented environments should treat this as a high-priority configuration and patching issue. The attack requires network access to the NGINX server and possession of a valid certificate for at least one virtual server, which is a realistic scenario in environments with partner portals, API gateways, or tiered access systems.

Affected Versions

| Product | Affected Versions | Status |
|---|---|---|
| NGINX Open Source | 1.11.6 through 1.27.3 | Affected |
| NGINX Plus | R11 through R33 | Affected |
| NGINX Open Source | 1.27.4 and later | Patched |
| NGINX Plus | R33 P1 and later | Patched |

Patched versions are available from the official NGINX repositories.

Advisory reference: F5 Security Advisory K000149540

Organizations running NGINX Open Source versions prior to 1.11.6 are not affected, as TLS session ticket key sharing was introduced in that release.

What Being on an Affected Version Means

An attacker who holds a valid client certificate for any virtual server on the affected NGINX instance can authenticate once, capture the session ticket, then present that ticket when connecting to a different virtual server. NGINX will accept the resumed session without re-validating the client certificate against the target virtual server's requirements. This means the attacker bypasses certificate-based access controls entirely for the duration of the session ticket's validity, which is 300 seconds by default.

The attack path is straightforward: an attacker connects to virtual server A with their legitimate certificate, obtains a session ticket, then immediately connects to virtual server B using that ticket. Server B processes the resumed session as if the attacker had presented a valid certificate for B. This gives the attacker access to any resources protected by virtual server B's client certificate policy, including internal APIs, administrative endpoints, or sensitive data stores that were intended to be isolated from server A's user population.
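Seen from the server's access log, the sequence above is a resumed session on one virtual server shortly after a full handshake from the same client on a different one. The following is an added example, not code from the original post or from NGINX. It assumes a custom log_format built from the NGINX variables $remote_addr, $time_iso8601, $server_name and $ssl_session_reused, uses constructed sample lines, and treats the client IP as a stand-in for the client, so it is a triage heuristic rather than proof.

```python
from datetime import datetime, timedelta

TICKET_LIFETIME = timedelta(seconds=300)  # default validity stated above

# Constructed sample lines. Assumed log_format (not on the original page):
#   '$remote_addr $time_iso8601 $server_name $ssl_session_reused'
SAMPLE_LOG = """\
203.0.113.7 2025-02-10T09:00:00+00:00 partner.example.test .
203.0.113.7 2025-02-10T09:00:05+00:00 partner.example.test r
203.0.113.7 2025-02-10T09:00:09+00:00 admin.example.test r
198.51.100.4 2025-02-10T09:01:00+00:00 admin.example.test .
198.51.100.4 2025-02-10T09:01:30+00:00 admin.example.test r
203.0.113.7 2025-02-10T09:10:00+00:00 admin.example.test r
"""

def _recent(then, now, window):
    """True if a full handshake at `then` is still inside the lifetime at `now`."""
    return then is not None and timedelta(0) <= now - then <= window

def find_cross_server_resumptions(log_text, window=TICKET_LIFETIME):
    """Return resumed requests whose only recent full handshake from the
    same client IP happened on a different server_name."""
    full = {}     # (ip, server) -> time of the latest full handshake
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                  # line does not match the assumed format
        ip, stamp, server, reused = fields
        when = datetime.fromisoformat(stamp)
        if reused == ".":             # full handshake: certificate checked here
            full[(ip, server)] = when
            continue
        if reused != "r" or _recent(full.get((ip, server)), when, window):
            continue                  # resumed on the server that issued it
        origins = sorted(s for (i, s), t in full.items()
                         if i == ip and _recent(t, when, window))
        if origins:
            alerts.append({"ip": ip, "time": stamp, "target": server,
                           "handshake_on": origins})
    return alerts

if __name__ == "__main__":
    for alert in find_cross_server_resumptions(SAMPLE_LOG):
        print(alert)
```

Clients behind a shared NAT address can trigger the same pattern, so each hit needs to be checked against the certificate policy of the two server names involved.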

Mitigation Steps

  1. Update NGINX to the patched version: Upgrade NGINX Open Source to 1.27.4 or later. Upgrade NGINX Plus to R33 P1 or later. Verify the installed version with nginx -v after upgrade.
  2. Disable session ticket reuse across virtual servers: If immediate patching is not possible, configure separate ssl_session_ticket_key files for each virtual server that requires distinct client certificate validation. This prevents session ticket reuse across server blocks.
  3. Reduce session ticket lifetime: Add ssl_session_timeout 60s; to limit the window for session ticket reuse. This does not eliminate the vulnerability but reduces the exploitation window.
  4. Disable session tickets entirely as a temporary measure: Add ssl_session_tickets off; to affected server blocks. This forces full TLS handshakes for every connection, which has a performance impact but eliminates the vulnerability.
  5. Monitor for anomalous session resumption patterns: Review NGINX access logs for rapid sequential connections from the same client IP to different virtual servers. Enable debug-level SSL logging temporarily with error_log /var/log/nginx/ssl_debug.log debug; and search for "reused session" entries that span different server names.
  6. Audit virtual server configurations: Identify all server blocks sharing the same ssl_session_cache zone and evaluate whether they have different client certificate requirements. Isolate high-security endpoints into dedicated cache zones.
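The configuration audit and the per-server ticket key check from the list above can be scripted. The following is an added example, not code from the original post or from NGINX: it reads a configuration, lets each server block inherit http-level directives, and reports pairs of server blocks that trust different client CAs but still share a session cache zone or have no distinct ssl_session_ticket_key. The sample configuration is constructed, its names and paths are hypothetical, and the parser assumes no quoted strings, no include files and one ssl_session_ticket_key per block.

```python
import re
from itertools import combinations

SAMPLE_CONF = """
http { ssl_verify_client on; ssl_session_cache shared:SSL:10m;  # inherited below
    server { listen 443 ssl; server_name partner.example.test;
             ssl_client_certificate /etc/nginx/ca/partner.pem; }
    server { listen 443 ssl; server_name admin.example.test;
             ssl_client_certificate /etc/nginx/ca/admin.pem; }
    server { listen 443 ssl; server_name api.example.test;
             ssl_client_certificate /etc/nginx/ca/api.pem;
             ssl_session_cache shared:API:10m; ssl_session_ticket_key /etc/nginx/keys/api.key; }
}"""  # constructed sample; every name and path in it is hypothetical

def parse_servers(conf):
    """One dict of directives per server block; blocks inherit from their parent."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf))
    stack, words, servers = [("main", {})], [], []
    for tok in tokens:
        if tok == "{":     # child context starts as a copy of the parent's values
            stack.append((words[0] if words else "", dict(stack[-1][1])))
        elif tok == "}":
            name, ctx = stack.pop()
            if name == "server":
                servers.append(ctx)
        elif tok == ";" and words:   # directive: name followed by its arguments
            stack[-1][1][words[0]] = " ".join(words[1:])
        words = words + [tok] if tok not in ("{", "}", ";") else []
    return servers

def zone(srv):
    m = re.search(r"shared:([^:\s]+)", srv.get("ssl_session_cache", ""))
    return m.group(1) if m else None

def audit(conf):
    """Server pairs with different client CAs that can share resumption state."""
    findings = []
    for a, b in combinations(parse_servers(conf), 2):
        if a.get("ssl_client_certificate") == b.get("ssl_client_certificate"):
            continue       # same client-CA policy, nothing to isolate
        reasons = []
        if zone(a) and zone(a) == zone(b):
            reasons.append("shared cache zone " + zone(a))
        tickets_on = "off" not in (a.get("ssl_session_tickets"), b.get("ssl_session_tickets"))
        if tickets_on and a.get("ssl_session_ticket_key") == b.get("ssl_session_ticket_key"):
            reasons.append("no distinct ticket key")
        if reasons:
            findings.append((a.get("server_name"), b.get("server_name"), reasons))
    return findings
```

Calling audit(SAMPLE_CONF) flags only the partner/admin pair; the api block is not reported because it has its own cache zone and ticket key file.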

Organizations using mTLS for access control segmentation should patch immediately, as this vulnerability directly undermines the security boundary that client certificate authentication is intended to enforce.
