CNNVD-202510-2797 Information

CNNVD ID

CNNVD-202510-2797

CVE-2025-62706

  • CNNVD Published: 2025-10-22

Description (Chinese, translated)

Authlib is an open-source Python library from Authlib for building OAuth and OpenID Connect servers. Authlib versions before 1.6.5 contain a security vulnerability: the JWE zip=DEF path performs unbounded DEFLATE decompression, which can exhaust memory and CPU and cause a denial of service.

Description (English)

Authlib is the ultimate Python library for building OAuth and OpenID Connect servers. Versions of Authlib before 1.6.5 contain a vulnerability in the JWE zip=DEF path, which performs unbounded DEFLATE decompression; this can exhaust memory and CPU, resulting in a denial of service.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Authlib

Published

2025-10-22

Last Modified

2026-02-24

References

https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m
https://github.com/authlib/authlib/commit/e0863d5129316b1790eee5f14cece32a03b8184d
https://vigilance.fr/vulnerability/Authlib-overload-via-DEFLATE-Decompression-48602
https://access.redhat.com/security/cve/cve-2025-62706

Patch

https://authlib.org/