CNNVD-202506-3574 Information

CNNVD ID

CNNVD-202506-3574

CVE-2025-52553

  • CNNVD Published: 2025-06-27

Description (Chinese)

authentik is an open source identity provider application. authentik versions prior to 2025.6.3 and 2025.4.3 contain an authorization flaw: RAC endpoint tokens lack a session check, which could lead to session hijacking.

Description (English)

authentik is an open source identity provider. Versions of authentik before 2025.6.3 and 2025.4.3 contain an authorization flaw: the token used for RAC endpoints is not checked against the session that issued it, which could lead to session hijacking.
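The following is an added illustration of the bug class the description names, not authentik's code: a connection token that is resolved by value alone, beside a hardened lookup that binds the token to the session that issued it and refuses it once that session has been logged out. All names (Session, ConnectionToken, TokenStore) are hypothetical.

```python
"""Session-bound connection tokens: unbound (vulnerable) vs. bound lookup.

Added example modelling the advisory's bug class; it is not authentik's
code and the names below are hypothetical.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass


@dataclass
class Session:
    key: str
    user: str
    active: bool = True  # becomes False when the user logs out


@dataclass
class ConnectionToken:
    token: str
    user: str
    session_key: str  # the session that issued this token


class TokenStore:
    def __init__(self) -> None:
        self.sessions: dict[str, Session] = {}
        self.tokens: dict[str, ConnectionToken] = {}

    def login(self, user: str) -> Session:
        s = Session(key=secrets.token_urlsafe(16), user=user)
        self.sessions[s.key] = s
        return s

    def logout(self, session: Session) -> None:
        session.active = False
        self.sessions.pop(session.key, None)

    def issue_token(self, session: Session) -> ConnectionToken:
        t = ConnectionToken(
            token=secrets.token_urlsafe(32),
            user=session.user,
            session_key=session.key,
        )
        self.tokens[t.token] = t
        return t

    # Vulnerable pattern: the token is looked up by value only. The session
    # presenting it is never compared with the session that issued it, so a
    # token copied into another browser, or kept after logout, still works.
    def resolve_unbound(self, token: str, requesting_session_key: str) -> ConnectionToken | None:
        return self.tokens.get(token)

    # Hardened pattern: the token is accepted only from the same, still
    # active session that issued it.
    def resolve_session_bound(self, token: str, requesting_session_key: str) -> ConnectionToken | None:
        t = self.tokens.get(token)
        if t is None:
            return None
        session = self.sessions.get(requesting_session_key)
        if session is None or not session.active:
            return None  # issuing session is gone (e.g. user logged out)
        if not secrets.compare_digest(t.session_key, session.key):
            return None  # token presented from a different session
        return t


def demo() -> dict[str, bool]:
    """Run both resolvers through the owner, an attacker, and post-logout."""
    store = TokenStore()
    victim = store.login("alice")          # constructed sample users
    tok = store.issue_token(victim)
    attacker = store.login("mallory")      # unrelated session holding a leaked token

    results = {
        "owner_unbound": store.resolve_unbound(tok.token, victim.key) is not None,
        "owner_bound": store.resolve_session_bound(tok.token, victim.key) is not None,
        "attacker_unbound": store.resolve_unbound(tok.token, attacker.key) is not None,
        "attacker_bound": store.resolve_session_bound(tok.token, attacker.key) is not None,
    }
    store.logout(victim)
    results["after_logout_unbound"] = store.resolve_unbound(tok.token, victim.key) is not None
    results["after_logout_bound"] = store.resolve_session_bound(tok.token, victim.key) is not None
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The unbound resolver accepts the token from the attacker's session and after the owner has logged out; the session-bound resolver accepts it only from the live issuing session, which is the property a session check on such tokens is meant to provide.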

Hazard Level

Low

Vulnerability Type

Authorization issue

Affected Vendor

authentik

Published

2025-06-27

Last Modified

2026-02-24

References

https://github.com/goauthentik/authentik/security/advisories/GHSA-wr3v-9p2c-chx7
https://github.com/goauthentik/authentik/commit/7100d3c6741853f1cfe3ea2073ba01823ab55caa
https://github.com/goauthentik/authentik/commit/65373ab21711d58147b5cb9276c5b5876baaa5eb
https://github.com/goauthentik/authentik/commit/0e07414e9739b318cff9401a413a5fe849545325
https://nvd.nist.gov/vuln/detail/CVE-2025-52553
https://access.redhat.com/security/cve/cve-2025-52553

Patch

https://github.com/goauthentik/authentik/releases