CVE-2025-23048 · CRITICAL 9.1 · EPSS p57.3%


Description

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.97% probability of exploitation · percentile 57.3% · 2026-06-18T12:00:27Z
Published: 2025-07-10
Last modified: 2025-11-04

Underlying weaknesses · 1

CWE-284

References

  1. https://httpd.apache.org/security/vulnerabilities_24.html
  2. http://www.openwall.com/lists/oss-security/2025/07/10/2
  3. http://www.openwall.com/lists/oss-security/2025/07/10/8
  4. https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html


Type: Weakness
Target: Improper Access Control (cwe-284)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2026-34355
  2. CVE: CVE-2026-44185
  3. CVE: Apache HTTP Server-Side Request Forgery (SSRF)
  4. CVE: CVE-2026-34356
  5. CVE: CVE-2026-24072
  6. CVE: CVE-2026-44119

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.