CVE-2025-48370 – Supabase Auth URL Path Traversal Vulnerability

May 27, 2025

CVE ID : CVE-2025-48370

Published : May 27, 2025, 4:15 p.m. | 43 minutes ago

Description : auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user controlled inputs, such as the userId are not affected by this. This issue has been patched in version 2.69.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5248 – PHPGurukul Company Visitor Management System SQL Injection Vulnerability

Next Article CVE-2025-27701 – Apache HTTP Server Null Pointer Dereference

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Top 10 Use Cases of Vibe Coding in Large-Scale Node.js Applications

Building smarter interactions with MCP elicitation: From clunky tool calls to seamless user experiences

From Zero to MCP: Simplifying AI Integrations with xmcp

Distribution Release: Linux Mint 22.2

Coded Smorgasbord: Basically, a Smorgasbord

Drupal 11’s AI Features: What They Actually Mean for Your Team

Drupal 11’s AI Features: What They Actually Mean for Your Team

Why Data Governance Matters More Than Ever in 2025?

Perficient Included in the IDC Market Glance for Digital Business Professional Services, 3Q25

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

Distribution Release: Linux Mint 22.2

‘Cronos: The New Dawn’ was by far my favorite experience at Gamescom 2025 — Bloober might have cooked an Xbox / PC horror masterpiece

CVE-2025-48370 – Supabase Auth URL Path Traversal Vulnerability

Critical Linux UDisks Daemon Vulnerability (CVE-2025-8067) Exposes Privileged Data to Local Attackers

Google Slapped with $381 Million Fine in France Over Gmail Ads, Cookie Consent Missteps

Arch Linux saluta Redis e adotta Valkey: cosa cambia per la comunità GNU/Linux

Mamorukun ReCurse! Brings Bullet Hell Action to Xbox Series X|S This September

Microsoft: April updates cause Windows Server auth issues

New postdoctoral fellowship program to accelerate innovation in health care

From SplitText to MorphSVG: 5 Creative Demos Using Free GSAP Plugins

Autonomous mortgage processing using Amazon Bedrock Data Automation and Amazon Bedrock Agents

CVE-2025-20994 – Samsung Internet File Access Vulnerability

Rilasciato Wine 10.11: Preparazione per NTSync e correzioni per oltre 25 bug

CVE-2025-48370 – Supabase Auth URL Path Traversal Vulnerability

Related Posts