CVE-2025-23048

CVSS-Score: 9.1 EPSS (FIRST): Score -, Perzentil - EPSS Stand: - Veroeffentlicht (CVE.org): 2025-07-10 Zuletzt angereichert: 2026-05-14 20:48 UTC

### Eintraege mit Bezug zu CVE-2025-23048

CVE-2025-23048: In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.62, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

 2025-07-10 00:00 CRITICAL Apache HTTP Server Security (httpd.org JSON) vendor_advisory
Alle CVEs