Vulnerability Description
Auth0 Account Link Extension is an Auth0 extension intended to make linking a user's accounts easy. Versions 2.3.4 through 2.6.6 do not verify the signature of the JWT presented to the extension, so the claims in the token are trusted without any proof that Auth0 issued them. A caller can therefore supply a forged token carrying arbitrary claims and potentially read another user's information without proper authorization. The issue is patched in versions 2.6.7, 2.7.0 and 3.0.0; upgrading to 3.0.0 or later is recommended.
Related Weaknesses (CWE)
References
- https://github.com/auth0-extensions/auth0-account-link-extension/pull/187
- https://github.com/auth0-extensions/auth0-account-link-extension/security/adviso
FAQ
What is CVE-2025-46345?
CVE-2025-46345 is a missing-signature-verification vulnerability in Auth0 Account Link Extension. Versions 2.3.4 through 2.6.6 do not verify the signature of the JWT presented to the extension, so a caller can supply a forged token and potentially access user information without proper authorization.
How severe is CVE-2025-46345?
No CVSS score is available for CVE-2025-46345 at the time of writing. Check NVD for updates.
Is there a patch for CVE-2025-46345?
Yes. The issue is fixed in versions 2.6.7, 2.7.0 and 3.0.0; upgrading to 3.0.0 or later is recommended. See the references above for the fix pull request and the vendor advisory.