Main Vulnerability Database Exploits ID:12218 - Exploit for Security features bypass in Apache HTTP Server - CVE-2025-23048

ID:12218 - Exploit for Security features bypass in Apache HTTP Server - CVE-2025-23048

Published: January 4, 2026

Vulnerability identifier: #VU112730

Vulnerability risk: Medium

CVE-ID: CVE-2025-23048

CWE-ID: CWE-254

Exploitation vector: Remote access

Vulnerable software:
Apache HTTP Server

Link to public exploit:

https://github.com/absholi7ly/CVE-2025-23048-POC

Vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to access control bypass with session resumption in mod_ssl. A remote attacker can use the TLS 1.3 session resumption to bypass implemented access control.

Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.

Remediation

Install updates from vendor's website.

ID:12218 - Exploit for Security features bypass in Apache HTTP Server - CVE-2025-23048

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human