CVE-2025-23048 – Apache HTTP Server mod_ssl TLS 1.3 Session Resumption Access Control Bypass

July 10, 2025

CVE ID : CVE-2025-23048

Published : July 10, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption.

Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-47252 – Apache HTTP Server mod_ssl Untrusted Client Data Injection

Next Article CVE-2024-43204 – Apache HTTP Server mod_proxy SSRF

Highlights

CVE-2025-32407 – Samsung Internet for Galaxy Watch TLS Certificate Validation Bypass

May 16, 2025

CVE ID : CVE-2025-32407

Published : May 16, 2025, 9:15 p.m. | 3 hours, 29 minutes ago

Description : Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Google can translate your voice in real time now – try it free

The one-click Linux app I use for instant online anonymity

You can try Android 16’s new lock screen widgets – if you have one of these phones

Apple’s iPhone 17 event launch date is official – here’s everything we expect

Password Strength Estimator Validation in Laravel

Password Strength Estimator Validation in Laravel

Laravel’s Enhanced String Validation with Inverse Methods

Using SQLite in production with Laravel

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Why Final Fantasy XIV fans are review‑bombing the game on Steam

Google Chrome VPN under fire for secretly screenshotting users’ browsing habits

CVE-2025-23048 – Apache HTTP Server mod_ssl TLS 1.3 Session Resumption Access Control Bypass

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

Fix Twitter/X Not Logging In [Desktop & Mobile]

CVE-2022-50223 – LoongArch Linux Kernel CPUInfo Information Disclosure Vulnerability

Alibaba Qwen Team Releases Qwen3-Embedding and Qwen3-Reranker Series – Redefining Multilingual Embedding and Ranking Standards

I went hands-on with ChatGPT Codex and the vibe was not good – here’s what happened

CVE-2025-32407 – Samsung Internet for Galaxy Watch TLS Certificate Validation Bypass

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

Twitter refuses to explain what it’s doing about hate speech and misinformation, sues New York State for asking

Google’s AI ‘Big Sleep’ Flags 20 Security Flaws in Open-Source Projects

CVE-2025-23048 – Apache HTTP Server mod_ssl TLS 1.3 Session Resumption Access Control Bypass

Related Posts