Resolving a Mutual TLS session resumption vulnerability
A vulnerability in Cloudflare's Mutual TLS (mTLS) implementation, tracked as CVE-2025-23419, allowed certificates from one zone to be used in another zone through session resumption. The security flaw was discovered through Cloudflare's Bug Bounty Program and was mitigated within 32 hours by disabling TLS session resumption for mTLS customers.
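A simplified model of this class of flaw, added here as an illustration and not Cloudflare's code: a shared session cache that authenticates the client only on the full handshake, compared with one that binds each session to its zone, and with resumption disabled for mTLS as in the mitigation above. The `Edge` and `Session` names, the zone names and the CA labels are hypothetical, and the cache behaviour is an assumption about how such a bug can arise.

```python
import secrets
from dataclasses import dataclass

# Constructed sample data: each zone trusts only its own client CA.
ZONE_CLIENT_CA = {"a.example": "CA-A", "b.example": "CA-B"}

@dataclass(frozen=True)
class Session:
    zone: str       # zone (SNI) the full handshake was performed for
    client_ca: str  # CA the client certificate chained to at that time

class Edge:
    """Hypothetical multi-zone TLS terminator with one shared session cache."""

    def __init__(self, bind_to_zone, allow_mtls_resumption=True):
        self.bind_to_zone = bind_to_zone
        self.allow_mtls_resumption = allow_mtls_resumption
        self.cache = {}

    def full_handshake(self, zone, cert_issuer):
        # The client certificate is checked only here, against the zone's CA.
        if ZONE_CLIENT_CA.get(zone) != cert_issuer:
            return None
        sid = secrets.token_hex(16)
        self.cache[sid] = Session(zone, cert_issuer)
        return sid

    def resume(self, zone, sid):
        """True if the resumed connection is treated as authenticated for zone."""
        sess = self.cache.get(sid)
        if sess is None:
            return False
        if zone in ZONE_CLIENT_CA and not self.allow_mtls_resumption:
            return False  # mitigation: mTLS zones always get a full handshake
        if self.bind_to_zone:
            # Hardened: the session is valid only for the zone and CA it was
            # authenticated against, never for a different zone.
            return sess.zone == zone and sess.client_ca == ZONE_CLIENT_CA[zone]
        return True  # flawed: any cached session is accepted for any zone

def cross_zone_resumption_accepted(edge):
    # Authenticate to zone A with a zone-A certificate, then present the
    # resulting session to zone B, which trusts a different CA.
    sid = edge.full_handshake("a.example", "CA-A")
    return edge.resume("b.example", sid)
```

When auditing a multi-tenant TLS terminator, the property to test is the hardened branch: a resumed session must carry the identity context (zone and trusted CA) it was established under, and the server must re-check it on every resumption.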