CVE-2025-48951 – Auth0-PHP Insecure Cookie Deserialization Vulnerability

June 3, 2025

CVE ID : CVE-2025-48951

Published : June 3, 2025, 9:15 p.m. | 30 minutes ago

Description : Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.14.0 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKsrely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.14.0 contains a patch for the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49002 – DataEase Case Insensitive Patch Bypass Vulnerability

Next Article CVE-2025-5525 – “Jrohy Trojan LogChan os Command Injection Vulnerability”

Highlights

CVE-2025-34072 – “Anthropic Slack MCP Server Data Exfiltration Vulnerability”

July 2, 2025

CVE ID : CVE-2025-34072

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-48951 – Auth0-PHP Insecure Cookie Deserialization Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Apple now sells refurbished iPhone 15 models at discounted prices (including the Pro Max)

CVE-2025-30409 – Acronis Cyber Protect Cloud Agent Denial of Service

CVE-2025-46546 – Sherpa Orchestrator Blind SQL Injection Vulnerability

PoCGen: AI Tool Automates Exploit Generation for npm Vulnerabilities with LLMs

CVE-2025-34072 – “Anthropic Slack MCP Server Data Exfiltration Vulnerability”

Trend Micro fixes critical vulnerabilities in multiple products

Elementary OS 8: Where Privacy Meets Design Simplicity for a Better Linux Experience

Google May Lose Chrome, And OpenAI’s First in Line to Grab It

CVE-2025-48951 – Auth0-PHP Insecure Cookie Deserialization Vulnerability

Related Posts