CVE-2025-48370 | auth-js up to 2.69.0 API improper authentication (GHSA-8r88-6cj9-9fh5)

Inserito da Angelo Barbosa | Mag 27, 2025 | CVE

A vulnerability was found in auth-js up to 2.69.0. It has been classified as critical. Affected is the function getUserById/deleteUser/updateUserById/listFactors/deleteFactor of the component API. The manipulation leads to improper authentication.

This vulnerability is traded as CVE-2025-48370. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-48370 | auth-js up to 2.69.0 API improper authentication (GHSA-8r88-6cj9-9fh5)

Post correlati

CVE-2024-0713 | Monitorr 1.7.6m Services Configuration /assets/php/upload.php fileToUpload unrestricted upload

CVE-2025-5183 | Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 Header Host redirect

CVE-2025-2570 | Mattermost up to 9.11.11/10.5.2/10.6.x RestrictSystemAdmin Setting authorization

CVE-2024-32545 | Canva Plugin up to 1.2.4 on WordPress cross site scripting