CVE-2025-23048
BaseFortify
Publication date: 2025-07-10
Last updated on: 2025-11-04
Assigner: Apache Software Foundation
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | http_server | 2.4.35 (inclusive) to 2.4.64 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in certain mod_ssl configurations on Apache HTTP Server versions 2.4.35 through 2.4.63. It allows an access control bypass by trusted clients when using TLS 1.3 session resumption. Specifically, if mod_ssl is configured with multiple virtual hosts each restricted to different trusted client certificates, a client trusted for one virtual host may gain access to another virtual host if the SSLStrictSNIVHostCheck setting is not enabled.
How can this vulnerability impact me?
The vulnerability can allow a client that is trusted to access one virtual host to bypass access controls and gain unauthorized access to other virtual hosts on the same server. This could lead to unauthorized data access or actions on virtual hosts that should be restricted.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Apache HTTP Server's mod_ssl configuration enables SSLStrictSNIVHostCheck for all virtual hosts that use different trusted client certificates. This setting prevents access control bypass by enforcing strict Server Name Indication (SNI) checks during TLS 1.3 session resumption. Review your mod_ssl configurations for multiple virtual hosts with different SSLCACertificateFile or SSLCACertificatePath settings and enable SSLStrictSNIVHostCheck to block unauthorized access.
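An added audit script (not part of the BaseFortify page or of the Apache project) that checks an httpd configuration for the pattern described above: several client-certificate virtual hosts trusting different CAs while SSLStrictSNIVHostCheck is left off. The configuration text is constructed for the example, and the parser reads one file only, so Include directives are not followed.

```python
import re
from typing import Dict, List

# Constructed sample (not from the advisory): two name-based TLS vhosts that
# each trust a different client CA; neither enables SSLStrictSNIVHostCheck.
SAMPLE_CONF = """
Listen 443
<VirtualHost *:443>
    ServerName partner-a.example.test
    SSLEngine on
    SSLVerifyClient require
    SSLCACertificateFile /etc/ssl/ca/partner-a-ca.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName partner-b.example.test
    SSLEngine on
    SSLVerifyClient require
    SSLCACertificateFile /etc/ssl/ca/partner-b-ca.pem
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE_RE = re.compile(r"^[ \t]*([A-Za-z]\w*)[ \t]+(.+?)[ \t]*$", re.M)


def directives(text: str) -> Dict[str, str]:
    """Map lower-cased directive names to values; the last occurrence wins."""
    return {name.lower(): value for name, value in DIRECTIVE_RE.findall(text)}


def find_exposed_vhosts(conf: str) -> List[str]:
    """Return the ServerName of every client-cert vhost that coexists with a
    vhost trusting a different CA while SSLStrictSNIVHostCheck is off for it."""
    global_conf = directives(VHOST_RE.sub("", conf))   # main-server scope only
    vhosts = [directives(body) for body in VHOST_RE.findall(conf)]
    ca_keys = ("sslcacertificatefile", "sslcacertificatepath")
    client_cert_vhosts = [v for v in vhosts if any(k in v for k in ca_keys)]
    exposed = []
    for vh in client_cert_vhosts:
        trust = tuple(vh.get(k) for k in ca_keys)
        differing = [o for o in client_cert_vhosts
                     if tuple(o.get(k) for k in ca_keys) != trust]
        # A vhost inherits the main-server setting unless it overrides it.
        strict = vh.get("sslstrictsnivhostcheck",
                        global_conf.get("sslstrictsnivhostcheck", "off"))
        if differing and strict.lower() != "on":
            exposed.append(vh.get("servername", "<unnamed>"))
    return exposed


if __name__ == "__main__":
    print("Exposed vhosts:", find_exposed_vhosts(SAMPLE_CONF))
```

Run it against each file that carries `<VirtualHost>` blocks; an empty list means every differing-CA vhost has the strict SNI check in effect.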