Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-59420

Опубликовано: 22 сент. 2025
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:authlib:authlib:*:*:*:*:*:*:*:*
Версия до 1.6.4 (исключая)

EPSS

Процентиль: 10%
0.00034
Низкий

7.5 High

CVSS3

Дефекты

CWE-345
CWE-345

Связанные уязвимости

ubuntu логотип

CVE-2025-59420

CVSS3: 7.5
ubuntu
3 месяца назад

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.4, Authlib’s JWS verification accepts tokens that declare unknown critical header parameters (crit), violating RFC 7515 “must‑understand” semantics. An attacker can craft a signed token with a critical header (for example, bork or cnf) that strict verifiers reject but Authlib accepts. In mixed‑language fleets, this enables split‑brain verification and can lead to policy bypass, replay, or privilege escalation. This issue has been patched in version 1.6.4.

redhat логотип

CVE-2025-59420

CVSS3: 7.5
redhat
3 месяца назад

No description is available for this CVE.

debian логотип

CVE-2025-59420

CVSS3: 7.5
debian
3 месяца назад

Authlib is a Python library which builds OAuth and OpenID Connect serv ...

github логотип

GHSA-9ggr-2464-2j32

CVSS3: 7.5
github
3 месяца назад

Authlib: JWS/JWT accepts unknown crit headers (RFC violation → possible authz bypass)

EPSS

Процентиль: 10%
0.00034
Низкий

7.5 High

CVSS3

Дефекты

CWE-345
CWE-345