1. Home
  2. CVE Database
  3. CVE-2025-67490
MEDIUM · 5.4

CVE-2025-67490

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may resu...

Vulnerability Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Auth0Nextjs-Auth04.11.0

Related Weaknesses (CWE)

CWE-863

References

FAQ

What is CVE-2025-67490?

CVE-2025-67490 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may resu...

How severe is CVE-2025-67490?

CVE-2025-67490 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-67490?

Check the references section above for vendor advisories and patch information. Affected products include: Auth0 Nextjs-Auth0.