CNNVD-202512-2251 Information

CNNVD ID

CNNVD-202512-2251

CVE-2025-67716

  • CNNVD Published: 2025-12-11

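Description (translated from Chinese)

nextjs-auth0 is an open-source Next.js SDK from Auth0, used for logging in with Auth0. nextjs-auth0 versions 4.9.0 through 4.12.1 contain a security vulnerability caused by insufficient input validation of the returnTo parameter, which may lead to OAuth query parameter injection.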

Description (English)

nextjs-auth0 is an open-source Next.js SDK from Auth0, used for Auth0 login. Versions 4.9.0 to 4.12.1 of nextjs-auth0 contain a security vulnerability that results from inadequate input validation of the returnTo parameter and may lead to the injection of OAuth query parameters.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Auth0

Published

2025-12-11

Last Modified

2026-02-24

References

https://github.com/auth0/nextjs-auth0/commit/35eb321de3345ccf23e8c0d6f66c9f2f2f57d26c

https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-mr6f-h57v-rpj5

Patch

https://github.com/auth0/nextjs-auth0/releases
