CVE-2025-68129 — MEDIUM (6.8)

Q: How severe is CVE-2025-68129?

CVE-2025-68129 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-68129?

Check the references section above for vendor advisories and patch information. Affected products include: Auth0 Auth0-Php, Auth0 Laravel-Auth0, Auth0 Symfony, Auth0 Wp-Auth0.

Vulnerability Description

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if they use Auth0-PHP SDK versions between v8.0.0 and v8.17.0, or applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0: Auth0/symfony versions between 5.0.0 and 5.5.0, Auth0/laravel-auth0 versions between 7.0.0 and 7.19.0, and/or Auth0/wordpress plugin versions between 5.0.0-BETA0 and 5.4.0. Auth0/Auth0-PHP version 8.18.0 contains a patch for the issue.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Auth0	Auth0-Php	>= 8.0.0, < 8.18.0
Auth0	Laravel-Auth0	>= 7.0.0, < 7.20.0
Auth0	Symfony	>= 5.0.0, < 5.6.0
Auth0	Wp-Auth0	>= 5.0.0, < 5.5.0

Related Weaknesses (CWE)

CWE-863

References

https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0fPatch
https://github.com/auth0/auth0-PHP/releases/tag/8.18.0ProductRelease Notes
https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gfVendor Advisory
https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3dPatch
https://github.com/auth0/laravel-auth0/releases/tag/7.20.0ProductRelease Notes
https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7hVendor Advisory
https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479Patch
https://github.com/auth0/symfony/releases/tag/5.6.0ProductRelease Notes
https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4gVendor Advisory
https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018Patch
https://github.com/auth0/wordpress/releases/tag/5.5.0ProductRelease Notes
https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7Vendor Advisory

FAQ

What is CVE-2025-68129?

CVE-2025-68129 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper vali...

How severe is CVE-2025-68129?

CVE-2025-68129 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-68129?

Check the references section above for vendor advisories and patch information. Affected products include: Auth0 Auth0-Php, Auth0 Laravel-Auth0, Auth0 Symfony, Auth0 Wp-Auth0.