CNNVD-202512-3171 Information
CNNVD ID
CNNVD-202512-3171
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Auth0-PHP是Auth0开源的一个用于Auth0身份验证和管理API的PHP SDK。 Auth0-PHP 8.0.0版本至8.17.0版本存在安全漏洞,该漏洞源于访问令牌中的受众验证不当,可能导致接受ID令牌作为访问令牌。
Description (English)
Auth0-PHP is a PHP SDK for Auth0 identification and management of API. There is a security loophole in Auth0-PHP versions 8.0.0 to 8.17.0, which stems from poor audience validation in access tokens and may lead to acceptance of ID tokens as access badges.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Auth0
Published
2025-12-17
Last Modified
2026-02-24
References
https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf https://github.com/auth0/auth0-PHP/releases/tag/8.18.0 https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7 https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f https://github.com/auth0/symfony/releases/tag/5.6.0 https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479 https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h https://github.com/auth0/wordpress/releases/tag/5.5.0 https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3 https://github.com/auth0/laravel-auth0/releases/tag/7.20.0 https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de https://access.redhat.com/security/cve/cve-2025-68129
Patch
https://github.com/auth0/auth0-PHP/releases
Share on: