UBUNTU-CVE-2025-23048

Source
https://ubuntu.com/security/CVE-2025-23048
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-23048.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-23048
Published
2025-07-10T17:15:00Z
Modified
2026-01-20T18:53:50.350365Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Ubuntu - medium
Summary
[none]
Details

In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

Affected packages

Ubuntu:22.04:LTS

apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2@2.4.52-1ubuntu4.15?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.52-1ubuntu4.15

Affected versions

2.*

2.4.48-3.1ubuntu3
2.4.48-3.1ubuntu4
2.4.51-2ubuntu1
2.4.52-1ubuntu1
2.4.52-1ubuntu2
2.4.52-1ubuntu4
2.4.52-1ubuntu4.1
2.4.52-1ubuntu4.2
2.4.52-1ubuntu4.3
2.4.52-1ubuntu4.4
2.4.52-1ubuntu4.5
2.4.52-1ubuntu4.6
2.4.52-1ubuntu4.7
2.4.52-1ubuntu4.8
2.4.52-1ubuntu4.9
2.4.52-1ubuntu4.10
2.4.52-1ubuntu4.11
2.4.52-1ubuntu4.12
2.4.52-1ubuntu4.13
2.4.52-1ubuntu4.14

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "apache2",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "apache2-bin",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "apache2-data",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "apache2-dev",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "apache2-ssl-dev",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "apache2-suexec-custom",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "apache2-suexec-pristine",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "apache2-utils",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "libapache2-mod-md",
            "binary_version": "2.4.52-1ubuntu4.15"
        },
        {
            "binary_name": "libapache2-mod-proxy-uwsgi",
            "binary_version": "2.4.52-1ubuntu4.15"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-23048.json"

Ubuntu:24.04:LTS

apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2@2.4.58-1ubuntu8.7?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.58-1ubuntu8.7

Affected versions

2.*

2.4.57-2ubuntu2
2.4.57-2ubuntu3
2.4.58-1ubuntu1
2.4.58-1ubuntu2
2.4.58-1ubuntu6
2.4.58-1ubuntu7
2.4.58-1ubuntu8
2.4.58-1ubuntu8.1
2.4.58-1ubuntu8.2
2.4.58-1ubuntu8.3
2.4.58-1ubuntu8.4
2.4.58-1ubuntu8.5
2.4.58-1ubuntu8.6

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "apache2",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "apache2-bin",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "apache2-data",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "apache2-dev",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "apache2-ssl-dev",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "apache2-suexec-custom",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "apache2-suexec-pristine",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "apache2-utils",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "libapache2-mod-md",
            "binary_version": "2.4.58-1ubuntu8.7"
        },
        {
            "binary_name": "libapache2-mod-proxy-uwsgi",
            "binary_version": "2.4.58-1ubuntu8.7"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-23048.json"

Ubuntu:Pro:14.04:LTS

apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.22+esm10?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

2.*

2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
2.4.7-1ubuntu4.20
2.4.7-1ubuntu4.21
2.4.7-1ubuntu4.22
2.4.7-1ubuntu4.22+esm1
2.4.7-1ubuntu4.22+esm2
2.4.7-1ubuntu4.22+esm3
2.4.7-1ubuntu4.22+esm4
2.4.7-1ubuntu4.22+esm5
2.4.7-1ubuntu4.22+esm6
2.4.7-1ubuntu4.22+esm8
2.4.7-1ubuntu4.22+esm9
2.4.7-1ubuntu4.22+esm10

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "apache2",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-bin",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-data",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-dev",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-mpm-event",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-mpm-itk",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-mpm-prefork",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-mpm-worker",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-suexec",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-suexec-custom",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-suexec-pristine",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2-utils",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "apache2.2-bin",
            "binary_version": "2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "libapache2-mod-macro",
            "binary_version": "1:2.4.7-1ubuntu4.22+esm10"
        },
        {
            "binary_name": "libapache2-mod-proxy-html",
            "binary_version": "1:2.4.7-1ubuntu4.22+esm10"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-23048.json"

Ubuntu:Pro:16.04:LTS

apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.17+esm16?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.18-2ubuntu3.17+esm16

Affected versions

2.*

2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
2.4.18-2ubuntu3.8
2.4.18-2ubuntu3.9
2.4.18-2ubuntu3.10
2.4.18-2ubuntu3.12
2.4.18-2ubuntu3.13
2.4.18-2ubuntu3.14
2.4.18-2ubuntu3.15
2.4.18-2ubuntu3.17
2.4.18-2ubuntu3.17+esm1
2.4.18-2ubuntu3.17+esm2
2.4.18-2ubuntu3.17+esm3
2.4.18-2ubuntu3.17+esm4
2.4.18-2ubuntu3.17+esm5
2.4.18-2ubuntu3.17+esm6
2.4.18-2ubuntu3.17+esm7
2.4.18-2ubuntu3.17+esm8
2.4.18-2ubuntu3.17+esm9
2.4.18-2ubuntu3.17+esm10
2.4.18-2ubuntu3.17+esm11
2.4.18-2ubuntu3.17+esm12
2.4.18-2ubuntu3.17+esm13
2.4.18-2ubuntu3.17+esm14

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "apache2",
            "binary_version": "2.4.18-2ubuntu3.17+esm16"
        },
        {
            "binary_name": "apache2-bin",
            "binary_version": "2.4.18-2ubuntu3.17+esm16"
        },
        {
            "binary_name": "apache2-data",
            "binary_version": "2.4.18-2ubuntu3.17+esm16"
        },
        {
            "binary_name": "apache2-dev",
            "binary_version": "2.4.18-2ubuntu3.17+esm16"
        },
        {
            "binary_name": "apache2-suexec-custom",
            "binary_version": "2.4.18-2ubuntu3.17+esm16"
        },
        {
            "binary_name": "apache2-suexec-pristine",
            "binary_version": "2.4.18-2ubuntu3.17+esm16"
        },
        {
            "binary_name": "apache2-utils",
            "binary_version": "2.4.18-2ubuntu3.17+esm16"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-23048.json"

Ubuntu:Pro:18.04:LTS

apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.27+esm6?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.29-1ubuntu4.27+esm6

Affected versions

2.*

2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
2.4.29-1ubuntu4.1
2.4.29-1ubuntu4.2
2.4.29-1ubuntu4.3
2.4.29-1ubuntu4.4
2.4.29-1ubuntu4.5
2.4.29-1ubuntu4.6
2.4.29-1ubuntu4.7
2.4.29-1ubuntu4.8
2.4.29-1ubuntu4.10
2.4.29-1ubuntu4.11
2.4.29-1ubuntu4.12
2.4.29-1ubuntu4.13
2.4.29-1ubuntu4.14
2.4.29-1ubuntu4.16
2.4.29-1ubuntu4.17
2.4.29-1ubuntu4.18
2.4.29-1ubuntu4.19
2.4.29-1ubuntu4.20
2.4.29-1ubuntu4.21
2.4.29-1ubuntu4.22
2.4.29-1ubuntu4.23
2.4.29-1ubuntu4.24
2.4.29-1ubuntu4.25
2.4.29-1ubuntu4.26
2.4.29-1ubuntu4.27
2.4.29-1ubuntu4.27+esm1
2.4.29-1ubuntu4.27+esm2
2.4.29-1ubuntu4.27+esm3
2.4.29-1ubuntu4.27+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "apache2",
            "binary_version": "2.4.29-1ubuntu4.27+esm6"
        },
        {
            "binary_name": "apache2-bin",
            "binary_version": "2.4.29-1ubuntu4.27+esm6"
        },
        {
            "binary_name": "apache2-data",
            "binary_version": "2.4.29-1ubuntu4.27+esm6"
        },
        {
            "binary_name": "apache2-dev",
            "binary_version": "2.4.29-1ubuntu4.27+esm6"
        },
        {
            "binary_name": "apache2-ssl-dev",
            "binary_version": "2.4.29-1ubuntu4.27+esm6"
        },
        {
            "binary_name": "apache2-suexec-custom",
            "binary_version": "2.4.29-1ubuntu4.27+esm6"
        },
        {
            "binary_name": "apache2-suexec-pristine",
            "binary_version": "2.4.29-1ubuntu4.27+esm6"
        },
        {
            "binary_name": "apache2-utils",
            "binary_version": "2.4.29-1ubuntu4.27+esm6"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-23048.json"

Ubuntu:Pro:20.04:LTS

apache2

Package

Name
apache2
Purl
pkg:deb/ubuntu/apache2@2.4.41-4ubuntu3.23+esm2?arch=source&distro=esm-infra/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.4.41-4ubuntu3.23+esm2

Affected versions

2.*

2.4.41-1ubuntu1
2.4.41-4ubuntu1
2.4.41-4ubuntu2
2.4.41-4ubuntu3
2.4.41-4ubuntu3.1
2.4.41-4ubuntu3.3
2.4.41-4ubuntu3.4
2.4.41-4ubuntu3.5
2.4.41-4ubuntu3.6
2.4.41-4ubuntu3.7
2.4.41-4ubuntu3.8
2.4.41-4ubuntu3.9
2.4.41-4ubuntu3.10
2.4.41-4ubuntu3.11
2.4.41-4ubuntu3.12
2.4.41-4ubuntu3.13
2.4.41-4ubuntu3.14
2.4.41-4ubuntu3.15
2.4.41-4ubuntu3.16
2.4.41-4ubuntu3.17
2.4.41-4ubuntu3.19
2.4.41-4ubuntu3.20
2.4.41-4ubuntu3.21
2.4.41-4ubuntu3.23

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "apache2",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "apache2-bin",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "apache2-data",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "apache2-dev",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "apache2-ssl-dev",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "apache2-suexec-custom",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "apache2-suexec-pristine",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "apache2-utils",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "libapache2-mod-md",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        },
        {
            "binary_name": "libapache2-mod-proxy-uwsgi",
            "binary_version": "2.4.41-4ubuntu3.23+esm2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-23048.json"