- Description
- Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.14.0 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKsrely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.14.0 contains a patch for the issue.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-502
- Hype score
- Not currently trending
CVE-2025-48951:Auth0-PHP SDKにおけるCookieデータのデシリアライゼーション処理の脆弱性—任意のコード実行の危険性により緊急アップデートを推奨 https://t.co/vb9mLPfBOP @nikkeimatomeより
@nikkeimatome
5 Jun 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/H1EgPHJfDB 🚨🚨CVE-2025-48951 (CVSS 9.3) slams Auth0-PHP! Insecure deserialization of cookie data lets attackers send malicious serialized cookies—no auth needed! This could lead to total system compromise.
@zoomeye_team
5 Jun 2025
1124 Impressions
8 Retweets
17 Likes
7 Bookmarks
0 Replies
0 Quotes
認証ツールキットとして1,600万回以上ダウンロードされたAuth0 PHP SDKに重大な脆弱性(CVE-2025-48951)が発見された。 未認証の段階で処理されるCookieのデシリアライズに起因し、攻撃者が細工したCookieを送信する
@yousukezan
5 Jun 2025
680 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48951: Critical Deserialization Flaw in Auth0 PHP SDK Threatens Millions of Applications https://t.co/YfBhgk65WG
@the_yellow_fall
5 Jun 2025
614 Impressions
7 Retweets
15 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-48951 Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.14.0 contain a vulnerability due to insecure deserialization of c… https://t.co/vd159Wh8kN
@CVEnew
3 Jun 2025
566 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-48951: CRITICAL] Vulnerability alert: Auth0-PHP SDK versions 8.0.0-BETA3 to 8.14.0 are susceptible to cookie data deserialization attacks. Update to version 8.14.0 to patch the security flaw. #cybe...#cve,CVE-2025-48951,#cybersecurity https://t.co/1E668SVSNI https://t.c
@CveFindCom
3 Jun 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes