VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-62ms-nmn4-qyf4

Essentials
Severities (17)
References (21)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-62ms-nmn4-qyf4
Aliases	CVE-2025-61920 GHSA-pq5p-34cr-23v9
Summary
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-20	Improper Input Validation
CWE-400	Uncontrolled Resource Consumption
CWE-770	Allocation of Resources Without Limits or Throttling
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61920.json
epss	0.00424	https://api.first.org/data/v1/epss?cve=CVE-2025-61920
cvssv3.1	7.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-pq5p-34cr-23v9
cvssv3.1	7.5	https://github.com/authlib/authlib
generic_textual	HIGH	https://github.com/authlib/authlib
cvssv3.1	7.5	https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e
generic_textual	HIGH	https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e
ssvc	Track	https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e
cvssv3.1	7.5	https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
cvssv3.1_qr	HIGH	https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
generic_textual	HIGH	https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
ssvc	Track	https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html
generic_textual	HIGH	https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2025-61920
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2025-61920

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61920.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-61920
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61920
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/authlib/authlib
		https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html
2403179		https://bugzilla.redhat.com/show_bug.cgi?id=2403179
867e3f87b072347a1ae9cf6983cc8bbf88447e5e		https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e
CVE-2025-61920		https://nvd.nist.gov/vuln/detail/CVE-2025-61920
GHSA-pq5p-34cr-23v9		https://github.com/advisories/GHSA-pq5p-34cr-23v9
GHSA-pq5p-34cr-23v9		https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
RHSA-2025:22182		https://access.redhat.com/errata/RHSA-2025:22182
RHSA-2025:22287		https://access.redhat.com/errata/RHSA-2025:22287
RHSA-2025:23028		https://access.redhat.com/errata/RHSA-2025:23028
RHSA-2025:23059		https://access.redhat.com/errata/RHSA-2025:23059
RHSA-2025:23060		https://access.redhat.com/errata/RHSA-2025:23060
RHSA-2025:23061		https://access.redhat.com/errata/RHSA-2025:23061
RHSA-2025:23064		https://access.redhat.com/errata/RHSA-2025:23064
RHSA-2025:23176		https://access.redhat.com/errata/RHSA-2025:23176
RHSA-2026:4215		https://access.redhat.com/errata/RHSA-2026:4215
USN-8065-1		https://usn.ubuntu.com/8065-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61920.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/authlib/authlib

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:46:55Z/ Found at https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T20:46:55Z/ Found at https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2025/10/msg00032.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-61920

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.62628
EPSS Score	0.00424
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-10T18:13:29.383801+00:00	SUSE Severity Score Importer	Import	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml	38.6.0