CVE-2025-48951 Information

Description

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions starting from 8.0.0-BETA3 and prior to 8.14.0 contain a vulnerability due to insecure deserialization of cookie data. Because the SDKs process cookie content without prior authentication, a threat actor could exploit the issue by sending a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKs rely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.14.0 contains a patch for the issue.
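Because the framework SDKs pull in Auth0-PHP as a dependency, the resolved version in an application's composer.lock is the place to check exposure. The following is an added example, not code from the advisory or the Auth0 project; the Composer package name `auth0/auth0-php`, the helper names, and the sample lock file are assumptions constructed for illustration.

```python
import json
import re

PACKAGE = "auth0/auth0-php"    # assumed Composer name of the Auth0-PHP SDK
FIRST_AFFECTED = "8.0.0-BETA3"  # from the advisory: first affected version
FIRST_FIXED = "8.14.0"          # from the advisory: first patched version

# Pre-release ranks; a plain release ("") sorts after every pre-release tag.
_STABILITY = {"dev": 0, "alpha": 1, "a": 1, "beta": 2, "b": 2, "rc": 3, "": 4}
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?(?:-?([A-Za-z]+)\.?(\d*))?")

def version_key(version):
    """Turn '8.0.0-BETA3' or 'v8.13.0' into a sortable tuple."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m or (m.group(4) or "").lower() not in _STABILITY:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch, tag, tag_num = m.groups()
    rank = _STABILITY[(tag or "").lower()]
    return (int(major), int(minor), int(patch or 0), rank, int(tag_num or 0))

def is_affected(version):
    """True when FIRST_AFFECTED <= version < FIRST_FIXED."""
    return version_key(FIRST_AFFECTED) <= version_key(version) < version_key(FIRST_FIXED)

def check_lock(lock_text):
    """Return (version, affected) for the SDK in a composer.lock, or None if absent.

    affected is None when the version is a branch alias such as 'dev-main'
    that cannot be ordered and needs a manual look.
    """
    lock = json.loads(lock_text)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name", "").lower() == PACKAGE:
            try:
                return pkg["version"], is_affected(pkg["version"])
            except ValueError:
                return pkg["version"], None
    return None

# Constructed sample: an app that requires auth0/symfony and gets the SDK transitively.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "auth0/symfony", "version": "5.0.0"},   # constructed version
    {"name": "auth0/auth0-php", "version": "8.13.0"},
], "packages-dev": []})

if __name__ == "__main__":
    print(check_lock(SAMPLE_LOCK))
```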

Reference

https://github.com/auth0/auth0-PHP/commit/52a79480fdb246f59dbc089b81a784ae049bd389
https://github.com/auth0/auth0-PHP/security/advisories/GHSA-v9m8-9xxp-q492
