A security scan with the Qualys tool reported CVE-2025-23419 on the Airgap Server.
Qualys Sample Output Report
Nginx Certificate Authentication Bypass Vulnerability (CVE-2025-23419)
nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server. A problem with SSL session resumption in nginx was identified.
Affected Versions:
Nginx version from 1.11.4 prior to 1.26.3
Nginx version from 1.27.0 prior to 1.27.4
QID Detection Logic (Unauthenticated):
This QID performs an unauthenticated check for vulnerable versions of Nginx by grabbing the version number from the server banner of the HTTP response after sending HTTP GET method for status code 2xx-5xx.
Telco Cloud Platform Version 5.0
Airgap Server SW Version 3.2
nginx SW Version nginx-1.26.2-1.ph4.x86_64
VMware Photon OS 4.0
This vulnerability, CVE-2025-23419, applies to nginx versions 1.11.4 through 1.27.3 when configured to use TLSv1.3 with session resumption enabled through ssl_session_cache or ssl_session_tickets.
Although the Airgap Server (version 3.2.0.1) utilizes nginx 1.26.2, its default configuration enforces the use of TLSv1.2 rather than the affected TLSv1.3. As a result, Airgap Server SW Version 3.2 is not impacted by CVE-2025-23419, and no remediation is required at this time.
You can verify the TLS version configured on the Airgap Server with the following command:
grep -i tls /etc/nginx/nginx.conf
Expected output:
ssl_protocols TLSv1.2;
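The grep above reads only /etc/nginx/nginx.conf and also matches commented-out lines. The following is an added example, not part of the original article or of any VMware tooling: it applies the same check across several configuration files, ignores comments, and lists the ssl_session_cache and ssl_session_tickets directives named in the CVE description. The function names, verdict strings and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the vendor KB): classify nginx configuration against
# the CVE-2025-23419 precondition described above (TLSv1.3 enabled).
# With no file arguments both functions read stdin, e.g. output of `nginx -T`.

# Print active (uncommented) TLS protocol/session directives, one per line.
active_ssl_directives() {
    sed -e 's/#.*//' "$@" | tr '{};' '\n\n\n' |
        sed -e 's/^[[:space:]]*//' |
        grep -E '^(ssl_protocols|ssl_session_cache|ssl_session_tickets)[[:space:]]' || true
}

# Print TLS13_ENABLED, TLS13_DISABLED, or REVIEW (no explicit ssl_protocols,
# so the build's default protocol list applies and must be checked by hand).
tls13_exposure() {
    protocols=$(active_ssl_directives "$@" | grep '^ssl_protocols' || true)
    if [ -z "$protocols" ]; then
        echo REVIEW
    elif printf '%s\n' "$protocols" | grep -qw 'TLSv1\.3'; then
        echo TLS13_ENABLED
    else
        echo TLS13_DISABLED
    fi
}

# Constructed sample files; on a real host pass /etc/nginx/nginx.conf plus
# whatever files it includes (the include layout here is an assumption).
demo=$(mktemp -d)
cat > "$demo/nginx.conf" <<'EOF'
http {
    # ssl_protocols TLSv1.3;   (commented out, must be ignored)
    ssl_protocols TLSv1.2;
    include conf.d/*.conf;
}
EOF
cat > "$demo/extra.conf" <<'EOF'
server { listen 443 ssl; ssl_protocols TLSv1.2 TLSv1.3; ssl_session_tickets on; }
EOF

echo "nginx.conf only:    $(tls13_exposure "$demo/nginx.conf")"
echo "with included file: $(tls13_exposure "$demo/nginx.conf" "$demo/extra.conf")"
active_ssl_directives "$demo/nginx.conf" "$demo/extra.conf"
rm -rf "$demo"
```

A TLS13_DISABLED result across every file nginx loads matches the article's conclusion; TLS13_ENABLED or REVIEW means the not-impacted statement should be re-checked for that host.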