Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-8dve-yw6d-17gg

Summary

Auth0-PHP SDK has Improper Audience Validation
In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens.

Aliases

alias	CVE-2025-68129

alias	GHSA-j2vm-wrq3-f7gf

Fixed_packages

url pkg:composer/auth0/auth0-php@8.18.0

purl pkg:composer/auth0/auth0-php@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.18.0

Affected_packages

url pkg:composer/auth0/auth0-php@8.0.0

purl pkg:composer/auth0/auth0-php@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.0.0

url pkg:composer/auth0/auth0-php@8.0.1

purl pkg:composer/auth0/auth0-php@8.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.0.1

url pkg:composer/auth0/auth0-php@8.0.2

purl pkg:composer/auth0/auth0-php@8.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.0.2

url pkg:composer/auth0/auth0-php@8.0.3

purl pkg:composer/auth0/auth0-php@8.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.0.3

url pkg:composer/auth0/auth0-php@8.0.4

purl pkg:composer/auth0/auth0-php@8.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.0.4

url pkg:composer/auth0/auth0-php@8.0.5

purl pkg:composer/auth0/auth0-php@8.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.0.5

url pkg:composer/auth0/auth0-php@8.0.6

purl pkg:composer/auth0/auth0-php@8.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.0.6

url pkg:composer/auth0/auth0-php@8.1.0

purl pkg:composer/auth0/auth0-php@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.1.0

url pkg:composer/auth0/auth0-php@8.2.0

purl pkg:composer/auth0/auth0-php@8.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.2.0

url pkg:composer/auth0/auth0-php@8.2.1

purl pkg:composer/auth0/auth0-php@8.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.2.1

url pkg:composer/auth0/auth0-php@8.3.0

purl pkg:composer/auth0/auth0-php@8.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-kkcj-dvp9-tbg4

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.0

url pkg:composer/auth0/auth0-php@8.3.1

purl pkg:composer/auth0/auth0-php@8.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.1

url pkg:composer/auth0/auth0-php@8.3.2

purl pkg:composer/auth0/auth0-php@8.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.2

url pkg:composer/auth0/auth0-php@8.3.3

purl pkg:composer/auth0/auth0-php@8.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.3

url pkg:composer/auth0/auth0-php@8.3.4

purl pkg:composer/auth0/auth0-php@8.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.4

url pkg:composer/auth0/auth0-php@8.3.5

purl pkg:composer/auth0/auth0-php@8.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.5

url pkg:composer/auth0/auth0-php@8.3.6

purl pkg:composer/auth0/auth0-php@8.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.6

url pkg:composer/auth0/auth0-php@8.3.7

purl pkg:composer/auth0/auth0-php@8.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.7

url pkg:composer/auth0/auth0-php@8.3.8

purl pkg:composer/auth0/auth0-php@8.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.3.8

url pkg:composer/auth0/auth0-php@8.4.0

purl pkg:composer/auth0/auth0-php@8.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.4.0

url pkg:composer/auth0/auth0-php@8.5.0

purl pkg:composer/auth0/auth0-php@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.5.0

url pkg:composer/auth0/auth0-php@8.6.0

purl pkg:composer/auth0/auth0-php@8.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.6.0

url pkg:composer/auth0/auth0-php@8.7.0

purl pkg:composer/auth0/auth0-php@8.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.7.0

url pkg:composer/auth0/auth0-php@8.7.1

purl pkg:composer/auth0/auth0-php@8.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.7.1

url pkg:composer/auth0/auth0-php@8.8.0

purl pkg:composer/auth0/auth0-php@8.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.8.0

url pkg:composer/auth0/auth0-php@8.9.0

purl pkg:composer/auth0/auth0-php@8.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.9.0

url pkg:composer/auth0/auth0-php@8.9.1

purl pkg:composer/auth0/auth0-php@8.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.9.1

url pkg:composer/auth0/auth0-php@8.9.3

purl pkg:composer/auth0/auth0-php@8.9.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.9.3

url pkg:composer/auth0/auth0-php@8.10.0

purl pkg:composer/auth0/auth0-php@8.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.10.0

url pkg:composer/auth0/auth0-php@8.11.0

purl pkg:composer/auth0/auth0-php@8.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.11.0

url pkg:composer/auth0/auth0-php@8.11.1

purl pkg:composer/auth0/auth0-php@8.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.11.1

url pkg:composer/auth0/auth0-php@8.12.0

purl pkg:composer/auth0/auth0-php@8.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.12.0

url pkg:composer/auth0/auth0-php@8.13.0

purl pkg:composer/auth0/auth0-php@8.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-uyde-c8s3-eyfk

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.13.0

url pkg:composer/auth0/auth0-php@8.14.0

purl pkg:composer/auth0/auth0-php@8.14.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.14.0

url pkg:composer/auth0/auth0-php@8.15.0

purl pkg:composer/auth0/auth0-php@8.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.15.0

url pkg:composer/auth0/auth0-php@8.16.0

purl pkg:composer/auth0/auth0-php@8.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-ra6g-hrt7-yue7

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.16.0

url pkg:composer/auth0/auth0-php@8.17.0

purl pkg:composer/auth0/auth0-php@8.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8dve-yw6d-17gg

vulnerability	VCID-yp9u-s51c-rbfx

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/auth0/auth0-php@8.17.0

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-68129

reference_id

reference_type

scores

value	0.00087
scoring_system	epss
scoring_elements	0.25047
published_at	2026-06-07T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24989
published_at	2026-06-08T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.25112
published_at	2026-06-05T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.251
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-68129

reference_url

https://github.com/auth0/auth0-PHP

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/auth0-PHP

reference_url

https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f

reference_url

https://github.com/auth0/auth0-PHP/releases/tag/8.18.0

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/auth0-PHP/releases/tag/8.18.0

reference_url

https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3

reference_url

https://github.com/auth0/laravel-auth0/releases/tag/7.20.0

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/laravel-auth0/releases/tag/7.20.0

reference_url

https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479

reference_url

https://github.com/auth0/symfony/releases/tag/5.6.0

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/symfony/releases/tag/5.6.0

reference_url

https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de

reference_url

https://github.com/auth0/wordpress/releases/tag/5.5.0

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/wordpress/releases/tag/5.5.0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-68129

reference_id

CVE-2025-68129

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-68129

reference_url

https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h

reference_id

GHSA-7hh9-gp72-wh7h

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h

reference_url

https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g

reference_id

GHSA-f3r2-88mq-9v4g

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g

reference_url

https://github.com/advisories/GHSA-j2vm-wrq3-f7gf

reference_id

GHSA-j2vm-wrq3-f7gf

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j2vm-wrq3-f7gf

reference_url

https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf

reference_id

GHSA-j2vm-wrq3-f7gf

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf

reference_url

https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7

reference_id

GHSA-vvg7-8rmq-92g7

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7

Weaknesses

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8dve-yw6d-17gg

Vulnerability Instance