CVE-2025-10908 | WSO2 Identity Server Magic Link/Pass Key authorization

Inserito da Angelo Barbosa | Mag 11, 2026 | CVE

A vulnerability classified as problematic has been found in WSO2 Identity Server and Carbon MagicLink Authenticator Module. The affected element is an unknown function of the component Magic Link/Pass Key. This manipulation causes incorrect authorization.

The identification of this vulnerability is CVE-2025-10908. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-10908 | WSO2 Identity Server Magic Link/Pass Key authorization

Post correlati

CVE-2024-53833 | Google Android lwis_transaction.c prepare_response_locked out-of-bounds write

CVE-2024-3055 | Unlimited Elements For Elementor Plugin up to 1.5.102 on WordPress sql injection

CVE-2024-4961 | D-Link DAR-7000-40 V31R02B1413C /user/onlineuser.php file_upload unrestricted upload (SAP10354)

CVE-2024-31812 | Totolink EX200 4.0.3c.7646_B20201211 getWiFiExtenderConfig information disclosure