Common Weakness Enumeration

CWE-305

Allowed

Authentication Bypass by Primary Weakness

Abstraction: Base · Status: Draft

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

281 vulnerabilities reference this CWE, most recent first.

GHSA-45J5-GMRP-65WR

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2026-05-18 15:30
VLAI
Details

A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-45031"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-30T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in MEPSAN\u0027s USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.",
  "id": "GHSA-45j5-gmrp-65wr",
  "modified": "2026-05-18T15:30:31Z",
  "published": "2022-03-31T00:00:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45031"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-22-0269"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-22-0269"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-485M-923F-95WX

Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2025-10-22 00:33
VLAI
Details

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37085"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-25T15:15:12Z",
    "severity": "MODERATE"
  },
  "details": "VMware ESXi contains an authentication bypass vulnerability.\u00a0A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously  configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html  by re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD.",
  "id": "GHSA-485m-923f-95wx",
  "modified": "2025-10-22T00:33:03Z",
  "published": "2024-06-25T15:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37085"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4979-4XQF-M5VX

Vulnerability from github – Published: 2025-01-02 12:32 – Updated: 2026-04-28 21:35
VLAI
Details

Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-46611"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-02T12:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28.",
  "id": "GHSA-4979-4xqf-m5vx",
  "modified": "2026-04-28T21:35:29Z",
  "published": "2025-01-02T12:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46611"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/yop-poll/vulnerability/wordpress-yop-poll-plugin-6-5-28-vote-manipulation-due-to-broken-captcha-control-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4F9F-MPMJ-4C52

Vulnerability from github – Published: 2023-03-30 21:30 – Updated: 2024-03-27 15:30
VLAI
Details

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27536"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-30T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "An authentication bypass vulnerability exists libcurl \u003c8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.",
  "id": "GHSA-4f9f-mpmj-4c52",
  "modified": "2024-03-27T15:30:36Z",
  "published": "2023-03-30T21:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1895135"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-12"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230420-0010"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4MQ7-PVJG-XP2R

Vulnerability from github – Published: 2026-03-20 20:51 – Updated: 2026-03-27 20:59
VLAI
Summary
Ory Oathkeeper has an authentication bypass by cache key confusion
Details

Description

Ory Oathkeeper is vulnerable to authentication bypass due to cache key confusion. The oauth2_introspection authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server.

Preconditions

Ory Oathkeeper has to be configured with multiple oauth2_introspection authenticator servers, each accepting different tokens. The authenticators also must be configured to use caching. An attacker has to have a way to gain a valid token for one of the configured introspection servers.

Mitigation

Ory Oathkeeper now includes the introspection server URL in the cache key, preventing confusion of tokens.

Update to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for oauth2_introspection authenticators.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/ory/oathkeeper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.40.10-0.20260320084801-198a2bc82a99"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-33496"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1289",
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-20T20:51:07Z",
    "nvd_published_at": "2026-03-26T18:16:30Z",
    "severity": "HIGH"
  },
  "details": "## Description\n\nOry Oathkeeper is vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server.\n\n## Preconditions\n\nOry Oathkeeper has to be configured with multiple `oauth2_introspection` authenticator servers, each accepting different tokens. The authenticators also must be [configured to use caching](https://www.ory.com/docs/oathkeeper/pipeline/authn#oauth2_introspection-configuration). An attacker has to have a way to gain a valid token for one of the configured introspection servers.\n\n## Mitigation\n\nOry Oathkeeper now includes the introspection server URL in the cache key, preventing confusion of tokens.\n\nUpdate to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for `oauth2_introspection` authenticators.",
  "id": "GHSA-4mq7-pvjg-xp2r",
  "modified": "2026-03-27T20:59:10Z",
  "published": "2026-03-20T20:51:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ory/oathkeeper/security/advisories/GHSA-4mq7-pvjg-xp2r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33496"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ory/oathkeeper/commit/198a2bc82a99e0a77bd0ffe290cbdd5285a1b17c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ory/oathkeeper"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ory Oathkeeper has an authentication bypass by cache key confusion"
}

GHSA-4QRV-GCG3-8H65

Vulnerability from github – Published: 2025-12-19 18:31 – Updated: 2025-12-19 18:31
VLAI
Details

Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-19T17:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "Glutton V1 service endpoints were exposed without any authentication on Gotham stacks, this could have allowed users that did not have any permission to hit glutton backend directly and read/update/delete data. The affected service has been patched and automatically deployed to all Apollo-managed Gotham Instances",
  "id": "GHSA-4qrv-gcg3-8h65",
  "modified": "2025-12-19T18:31:18Z",
  "published": "2025-12-19T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49587"
    },
    {
      "type": "WEB",
      "url": "https://palantir.safebase.us/?tcuUid=95e2d805-dd2f-4544-b164-e61100f47b11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4RCC-7PG7-F57F

Vulnerability from github – Published: 2025-03-03 20:09 – Updated: 2025-03-03 20:09
VLAI
Summary
Security Update for the OPC UA .NET Standard Stack
Details

This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "OPCFoundation.NetStandard.Opc.Ua.Bindings.Https"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.374.158"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42513"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290",
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-03T20:09:54Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "This security update resolves a vulnerability in the OPC UA .NET Standard Stack that allows an unauthorized attacker to bypass application authentication when using HTTPS endpoints.",
  "id": "GHSA-4rcc-7pg7-f57f",
  "modified": "2025-03-03T20:09:55Z",
  "published": "2025-03-03T20:09:54Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OPCFoundation/UA-.NETStandard/security/advisories/GHSA-4rcc-7pg7-f57f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42513"
    },
    {
      "type": "WEB",
      "url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-42513.pdf"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OPCFoundation/UA-.NETStandard"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OPCFoundation/UA-.NETStandard/tree/1.5.374.158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Security Update for the OPC UA .NET Standard Stack"
}

GHSA-4V7J-4MVR-5975

Vulnerability from github – Published: 2026-07-13 09:31 – Updated: 2026-07-13 09:31
VLAI
Details

Mattermost versions 11.7.x <= 11.7.2, 11.6.x <= 11.6.4, 10.11.x <= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token grant endpoint.. Mattermost Advisory ID: MMSA-2026-00680

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-9571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-13T09:16:25Z",
    "severity": "MODERATE"
  },
  "details": "Mattermost versions 11.7.x \u003c= 11.7.2, 11.6.x \u003c= 11.6.4, 10.11.x \u003c= 10.11.19 fail to invalidate OAuth refresh tokens upon user account deactivation, which allows a deactivated user or an attacker in possession of a valid refresh token to obtain new functional access tokens via the OAuth refresh token grant endpoint.. Mattermost Advisory ID: MMSA-2026-00680",
  "id": "GHSA-4v7j-4mvr-5975",
  "modified": "2026-07-13T09:31:43Z",
  "published": "2026-07-13T09:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9571"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-4V8W-GG5J-PH37

Vulnerability from github – Published: 2025-11-03 17:07 – Updated: 2026-03-06 00:14
VLAI
Summary
MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling
Details

Due to an incorrect use of loose (==) instead of strict (===) comparison in the authentication code, PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation.

Impact

On MantisBT instances configured to use the MD5 login method, user accounts having a password hash evaluating to zero (i.e. matching regex ^0+[Ee][0-9]+$) are vulnerable, allowing an attacker knowing the victim's username to login without knowledge of their actual password, using any other password having a hash evaluating to zero, for example comito5 (0e579603064547166083907005281618).

No password bruteforcing for individual users is needed, thus $g_max_failed_login_count does not protect against the attack.

Patches

  • https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2

Workarounds

Check the database for vulnerable accounts, and change those users' passwords, e.g. for MySQL:

SELECT username, email FROM mantis_user_table WHERE password REGEXP '^0+[Ee][0-9]+$'

References

  • https://mantisbt.org/bugs/view.php?id=35967

Credits

Thanks to Harry Sintonen / Reversec for discovering and reporting the issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "mantisbt/mantisbt"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.27.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47776"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305",
      "CWE-697"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-03T17:07:36Z",
    "nvd_published_at": "2025-11-04T21:15:37Z",
    "severity": "HIGH"
  },
  "details": "Due to an incorrect use of loose (`==`) instead of strict (`===`) comparison in the [authentication code][1], PHP type juggling will cause interpretation of certain MD5 hashes as numbers, specifically those matching scientific notation.\n\n[1]: https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782\n\n### Impact\nOn MantisBT instances configured to use the *MD5* login method, user accounts having a password hash evaluating to zero (i.e. matching regex `^0+[Ee][0-9]+$`) are vulnerable, allowing an attacker knowing the victim\u0027s username to login without knowledge of their actual password, using any other password having a  hash evaluating to zero, for example `comito5` (0e579603064547166083907005281618). \n\nNo password bruteforcing for individual users is needed, thus $g_max_failed_login_count does not protect against the attack.\n\n### Patches\n* https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2\n\n### Workarounds\nCheck the database for vulnerable accounts, and change those users\u0027 passwords, e.g. for MySQL:\n```sql\nSELECT username, email FROM mantis_user_table WHERE password REGEXP \u0027^0+[Ee][0-9]+$\u0027\n```\n\n### References\n- https://mantisbt.org/bugs/view.php?id=35967\n\n### Credits\nThanks to Harry Sintonen / Reversec for discovering and reporting the issue.",
  "id": "GHSA-4v8w-gg5j-ph37",
  "modified": "2026-03-06T00:14:39Z",
  "published": "2025-11-03T17:07:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mantisbt/mantisbt/security/advisories/GHSA-4v8w-gg5j-ph37"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47776"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mantisbt/mantisbt/commit/966554a19cf1bdbcfbfb3004766979faa748f9a2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mantisbt/mantisbt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mantisbt/mantisbt/blob/0fb502dd613991e892ed2224ac5ea3e40ba632bc/core/authentication_api.php#L782"
    },
    {
      "type": "WEB",
      "url": "https://mantisbt.org/bugs/view.php?id=35967"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "MantisBT vulnerable to authentication bypass for some passwords due to PHP type juggling"
}

GHSA-537F-GXGM-3JJQ

Vulnerability from github – Published: 2025-05-13 21:34 – Updated: 2025-05-13 21:34
VLAI
Summary
OpenPubkey Vulnerable to Authentication Bypass
Details

Impact

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.

Patches

Upgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0.

References

CVE-2025-3757

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/openpubkey/openpubkey"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.10.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-3757"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-305"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-13T21:34:03Z",
    "nvd_published_at": "2025-05-13T17:16:04Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nVersions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.\n\n### Patches\n\nUpgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0. \n\n### References\n\n[CVE-2025-3757 ](https://www.cve.org/CVERecord?id=CVE-2025-3757)",
  "id": "GHSA-537f-gxgm-3jjq",
  "modified": "2025-05-13T21:34:03Z",
  "published": "2025-05-13T21:34:03Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3757"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openpubkey/openpubkey"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenPubkey Vulnerable to Authentication Bypass"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.