VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-gfc3-9m5s-m3bt

Essentials
Severities (33)
References (16)
Severity details (30)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-gfc3-9m5s-m3bt
Aliases	CVE-2025-68129 GHSA-j2vm-wrq3-f7gf
Summary	Auth0-PHP SDK has Improper Audience Validation
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-863	Incorrect Authorization
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2025-68129
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2025-68129
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2025-68129
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-j2vm-wrq3-f7gf
cvssv3.1	6.8	https://github.com/auth0/auth0-PHP
generic_textual	MODERATE	https://github.com/auth0/auth0-PHP
cvssv3.1	6.8	https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f
generic_textual	MODERATE	https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f
cvssv3.1	6.8	https://github.com/auth0/auth0-PHP/releases/tag/8.18.0
generic_textual	MODERATE	https://github.com/auth0/auth0-PHP/releases/tag/8.18.0
cvssv3.1	6.8	https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf
cvssv3.1_qr	MODERATE	https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf
generic_textual	MODERATE	https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf
cvssv3.1	6.8	https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3
generic_textual	MODERATE	https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3
cvssv3.1	6.8	https://github.com/auth0/laravel-auth0/releases/tag/7.20.0
generic_textual	MODERATE	https://github.com/auth0/laravel-auth0/releases/tag/7.20.0
cvssv3.1	6.8	https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h
generic_textual	MODERATE	https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h
cvssv3.1	6.8	https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479
generic_textual	MODERATE	https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479
cvssv3.1	6.8	https://github.com/auth0/symfony/releases/tag/5.6.0
generic_textual	MODERATE	https://github.com/auth0/symfony/releases/tag/5.6.0
cvssv3.1	6.8	https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g
generic_textual	MODERATE	https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g
cvssv3.1	6.8	https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de
generic_textual	MODERATE	https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de
cvssv3.1	6.8	https://github.com/auth0/wordpress/releases/tag/5.5.0
generic_textual	MODERATE	https://github.com/auth0/wordpress/releases/tag/5.5.0
cvssv3.1	6.8	https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7
generic_textual	MODERATE	https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7
cvssv3.1	6.8	https://nvd.nist.gov/vuln/detail/CVE-2025-68129
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2025-68129

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2025-68129
		https://github.com/auth0/auth0-PHP
		https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f
		https://github.com/auth0/auth0-PHP/releases/tag/8.18.0
		https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3
		https://github.com/auth0/laravel-auth0/releases/tag/7.20.0
		https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479
		https://github.com/auth0/symfony/releases/tag/5.6.0
		https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de
		https://github.com/auth0/wordpress/releases/tag/5.5.0
CVE-2025-68129		https://nvd.nist.gov/vuln/detail/CVE-2025-68129
GHSA-7hh9-gp72-wh7h		https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h
GHSA-f3r2-88mq-9v4g		https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g
GHSA-j2vm-wrq3-f7gf		https://github.com/advisories/GHSA-j2vm-wrq3-f7gf
GHSA-j2vm-wrq3-f7gf		https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf
GHSA-vvg7-8rmq-92g7		https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/auth0-PHP

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/auth0-PHP/releases/tag/8.18.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/laravel-auth0/releases/tag/7.20.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7h

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/symfony/releases/tag/5.6.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4g

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018de

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/wordpress/releases/tag/5.5.0

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2025-68129

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.25033
EPSS Score	0.00087
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:37:05.778958+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-j2vm-wrq3-f7gf	38.6.0