CVE Alert: CVE-2025-27371

Vulnerability Summary: CVE-2025-27371
Several IETF OAuth 2.0 specifications that use the JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication (the private_key_jwt mechanism) leave the audience ("aud") claim of the client assertion ambiguous: the JWT a client sends to an authorization server may carry the token endpoint URL, the server's issuer identifier, or another value, and servers differ in which of these they accept. Because of this, an authorization server may accept an assertion that the client minted for a different endpoint or a different server. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 (JAR), and RFC 9126 (PAR).
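The following is an added example, not code from the advisory, the OpenID Foundation notice, or any implementation it names. It shows the audience ambiguity in working code: a client mints an RFC 7523 client assertion for one endpoint of an authorization server, a "loose" token endpoint that accepts any of the server's endpoint URLs or its issuer identifier as the audience honours it anyway, and a strict validator that accepts exactly one canonical audience value and treats the "jti" claim as single-use rejects it. The issuer, endpoint URLs, client identifier and key are constructed; HS256 with a shared key stands in for the asymmetric client key that private_key_jwt actually uses, so the AS here verifies with the same key the client signed with; and choosing the AS issuer identifier as the sole acceptable audience is an assumption about the corrective direction, not a statement of what the referenced notice requires.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed sample deployment (assumption; not taken from the advisory).
AS_ISSUER = "https://as.example"
TOKEN_ENDPOINT = "https://as.example/oauth2/token"
PAR_ENDPOINT = "https://as.example/oauth2/par"
CLIENT_ID = "client-123"
# HS256 is used only so the example runs with the standard library;
# real private_key_jwt assertions are signed with the client's private key.
CLIENT_KEY = b"constructed-demo-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_client_assertion(aud, jti=None, lifetime=60):
    """Client side: build a client assertion JWT (RFC 7523 section 3) for `aud`."""
    now = int(time.time())
    claims = {"iss": CLIENT_ID, "sub": CLIENT_ID, "aud": aud,
              "jti": jti or uuid.uuid4().hex, "iat": now, "exp": now + lifetime}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header).encode()) + "."
                     + _b64url(json.dumps(claims).encode()))
    sig = hmac.new(CLIENT_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _verify_and_decode(token):
    """Check signature and expiry; return the claims. Audience is NOT checked here."""
    head, body, sig = token.split(".")
    expected = hmac.new(CLIENT_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    if claims["exp"] < time.time():
        raise ValueError("expired")
    return claims


def _aud_values(claims):
    aud = claims.get("aud")
    return aud if isinstance(aud, list) else [aud]


# Loose token endpoint: accepts the issuer identifier or any of the server's
# endpoint URLs as audience. This is the permissive reading that lets an
# assertion minted for one endpoint be replayed at another.
LOOSE_ACCEPTED = {AS_ISSUER, TOKEN_ENDPOINT, PAR_ENDPOINT}


def loose_token_endpoint_accepts(token):
    claims = _verify_and_decode(token)
    return any(a in LOOSE_ACCEPTED for a in _aud_values(claims))


class StrictTokenEndpoint:
    """Strict validator: exactly one aud value, equal to the canonical audience
    (assumed here to be the AS issuer identifier), and each jti accepted once."""

    def __init__(self, expected_aud):
        self.expected_aud = expected_aud
        self.seen_jti = set()

    def accepts(self, token):
        claims = _verify_and_decode(token)
        auds = _aud_values(claims)
        if len(auds) != 1 or auds[0] != self.expected_aud:
            return False
        jti = claims.get("jti")
        if not jti or jti in self.seen_jti:
            return False  # missing jti, or a replayed assertion
        self.seen_jti.add(jti)
        return True


if __name__ == "__main__":
    for_par = mint_client_assertion(PAR_ENDPOINT)
    print("loose token endpoint accepts PAR-targeted assertion:",
          loose_token_endpoint_accepts(for_par))          # True
    strict = StrictTokenEndpoint(AS_ISSUER)
    print("strict rejects it:", not strict.accepts(for_par))  # True
```

Running the module shows the two behaviours side by side; the strict class is the shape a token, PAR, or JAR endpoint would take once the server has settled on a single audience value and keeps a short-lived record of seen jti values (bounded by the assertion lifetime) so a captured assertion cannot be presented twice.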
Affected Endpoints:
No affected endpoints listed.
Published Date:
3/3/2025, 6:15:40 PM
⚠️ CVSS Score:
Exploit Status:
Not Exploited
References:
- https://openid.net/notice-of-a-security-vulnerability/
- https://openid.net/wp-content/uploads/2025/01/OIDF-Responsible-Disclosure-Notice-on-Security-Vulnerability-for-private_key_jwt.pdf
- https://talks.secworkshop.events/osw2025/talk/R8D9BS/
Recommended Action:
No vendor-specific action is listed. The OpenID Foundation disclosure notice linked above describes the issue for authorization-server and client implementers; refer to it and to vendor documentation for updates.