CNNVD-202511-2195 Information

CNNVD ID

CNNVD-202511-2195

CVE-2025-64521

  • CNNVD Published: 2025-11-19

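Description (translated from Chinese)

authentik is an open source identity provider application from authentik. Versions of authentik before 2025.8.5 and before 2025.10.2 contain a security vulnerability. The vulnerability stems from the fact that service accounts can still authenticate after they have been deactivated, which may lead to unauthorized access.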

Description (English)

authentik is an open source identity provider application. authentik versions before 2025.8.5 and before 2025.10.2 contain a security vulnerability: service accounts can still authenticate after they are deactivated, which may lead to unauthorized access.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

authentik

Published

2025-11-19

Last Modified

2026-02-24

References

https://github.com/goauthentik/authentik/security/advisories/GHSA-xr73-jq5p-ch8r

https://github.com/goauthentik/authentik/commit/9dbdfc3f1be0f1be36f8efce2442897b2a54a71c

https://access.redhat.com/security/cve/cve-2025-64521

Patch

https://github.com/goauthentik/authentik/releases
