CVE-2025-53548 Information

Description

Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.

Reference

https://github.com/clerk/javascript/security/advisories/GHSA-9mp4-77wg-rwx9

Related CNNVD

CNNVD-202507-1349 (Published: 2025-07-09)