CNNVD-202507-3048 Information

CNNVD ID

CNNVD-202507-3048

CVE-2025-53942

  • CNNVD Published: 2025-07-23

Description (Chinese)

authentik is an open-source identity provider application from authentik. authentik versions 2025.4.4 and earlier, and versions 2025.6.0-rc1 through 2025.6.3, contain a security vulnerability that stems from insufficient validation of OAuth/SAML account status, which may allow access rights to some systems to be retained.

Description (English)

authentik is an open-source identity provider application. authentik versions 2025.4.4 and earlier, and versions 2025.6.0-rc1 through 2025.6.3, contain a security vulnerability that stems from insufficient verification of OAuth/SAML account status, which may allow access rights to some systems to be retained.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

authentik

Published

2025-07-23

Last Modified

2026-02-24

References

  • https://github.com/goauthentik/authentik/security/advisories/GHSA-9g4j-v8w5-7x42
  • https://github.com/goauthentik/authentik/commit/ce3f9e3763c1778bf3a16b98c95d10f4091436ab
  • https://github.com/goauthentik/authentik/commit/c3629d12bfe3d32d3dc8f85c0ee1f087a55dde8f
  • https://github.com/goauthentik/authentik/commit/7a4c6b9b50f8b837133a7a1fd2cb9b7f18a145cd
  • https://nvd.nist.gov/vuln/detail/CVE-2025-53942

Patch

https://github.com/goauthentik/authentik/releases