Platform
php
Component
auth0/auth0-php
Fixed in
8.0.1
8.14.0
This vulnerability, CVE-2025-47275, affects applications that use the Auth0-PHP SDK with CookieStore as the session storage backend. The session cookie carries an authentication tag that the SDK verifies before trusting the cookie's contents; an attacker who can present cookies to the application can brute-force that tag and obtain a cookie the SDK accepts, which yields access to user accounts and the data behind them. This page lists affected versions up to 8.9.3 and the fix in 8.14.0; because releases between those two numbers predate the fix, treat any version below 8.14.0 as unpatched.
The primary impact of CVE-2025-47275 is unauthorized access to applications that rely on the Auth0-PHP SDK. Once a forged session cookie is accepted, the attacker is the impersonated user as far as the application is concerned and can do anything that user is authorized to do: read their data, change settings, or, if the forged session belongs to an administrator, control the application itself. The blast radius is every application running the vulnerable SDK with CookieStore, which can mean a large number of users and systems. The bug belongs to the familiar class of cookie-based authentication bypasses in which the mechanism that is supposed to make a cookie unforgeable can be defeated by guessing.
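As an added illustration (this is not the Auth0-PHP SDK's code, and this page does not say which line 8.14.0 patched), the following shows why a cookie-decrypt routine must insist on the full authentication tag. An online brute force of a 128-bit AES-GCM tag is hopeless; it becomes trivial only when the verifier accepts a shortened tag, and PHP's openssl_decrypt() forwards whatever tag length it is given, which OpenSSL accepts for GCM down to a single byte. The cookie layout (dot-separated base64 of IV, tag and ciphertext), the helper names and the sample claims are assumptions made for this example. The weak opener is forged in at most 256 requests; the hardened one rejects every attempt because it checks the tag length before OpenSSL ever sees the cookie.

```php
<?php
declare(strict_types=1);

// Added illustrative example, not Auth0-PHP's code. Cookie layout assumed here:
// base64(iv) . '.' . base64(tag) . '.' . base64(ciphertext).
// Shows why a session-cookie opener must enforce the full 16-byte AES-GCM tag:
// openssl_decrypt() passes the supplied tag length straight to OpenSSL, which
// accepts GCM tags of 1 to 16 bytes, so a truncated tag is brute-forceable.

const CIPHER  = 'aes-128-gcm';
const IV_LEN  = 12;
const TAG_LEN = 16;

function seal(string $key, string $plaintext): string
{
    $iv  = random_bytes(IV_LEN);
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return implode('.', array_map('base64_encode', [$iv, $tag, $ct]));
}

// Deliberately weak: trusts whatever tag length the cookie carries.
function openWeak(string $key, string $cookie): ?string
{
    $parts = explode('.', $cookie, 3);
    if (count($parts) !== 3) {
        return null;
    }
    [$iv, $tag, $ct] = array_map('base64_decode', $parts);
    $pt = @openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Hardened: strict base64, fixed IV length, and the full 16-byte tag, all
// checked before OpenSSL is asked to verify anything.
function openStrict(string $key, string $cookie): ?string
{
    $parts = explode('.', $cookie, 3);
    if (count($parts) !== 3) {
        return null;
    }
    [$iv, $tag, $ct] = array_map(static fn(string $p) => base64_decode($p, true), $parts);
    if ($iv === false || $tag === false || $ct === false) {
        return null;
    }
    if (strlen($iv) !== IV_LEN || strlen($tag) !== TAG_LEN) {
        return null;
    }
    $pt = @openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

// Attacker side. GCM encrypts in counter mode, so flipping ciphertext bits flips
// the same plaintext bits; the attacker rewrites "user" to "root", then submits
// the cookie with every possible 1-byte tag. Only the opener decides whether
// one of those 256 requests is allowed to succeed.
function forge(callable $open, string $cookie, int $offset, string $from, string $to): ?array
{
    [$iv, , $ct] = explode('.', $cookie, 3);
    $ct = base64_decode($ct);
    for ($i = 0, $n = strlen($from); $i < $n; $i++) {
        $ct[$offset + $i] = chr(ord($ct[$offset + $i]) ^ ord($from[$i]) ^ ord($to[$i]));
    }
    for ($b = 0; $b < 256; $b++) {
        $candidate = $iv . '.' . base64_encode(chr($b)) . '.' . base64_encode($ct);
        $pt = $open($candidate);
        if ($pt !== null) {
            return ['attempts' => $b + 1, 'plaintext' => $pt];
        }
    }
    return null;
}

$key    = random_bytes(16);                     // 128-bit key for aes-128-gcm
$claims = '{"sub":"alice","role":"user"}';      // constructed sample session
$cookie = seal($key, $claims);
$offset = strpos($claims, '"user"') + 1;        // byte position of the role value

$weak   = forge(fn(string $c) => openWeak($key, $c), $cookie, $offset, 'user', 'root');
$strict = forge(fn(string $c) => openStrict($key, $c), $cookie, $offset, 'user', 'root');

printf("weak opener:   %s\n", $weak === null
    ? 'rejected'
    : "accepted after {$weak['attempts']} tries: {$weak['plaintext']}");
printf("strict opener: %s\n", $strict === null
    ? 'rejected all 256 forgeries'
    : 'ACCEPTED (should not happen)');
```

The weak opener prints the forged `{"sub":"alice","role":"root"}` after at most 256 attempts, the number of tries being the value of the first byte of the correct tag plus one; the strict opener never returns plaintext. The same length check is the generic defence whenever an AEAD tag arrives from an untrusted source: decide the tag length in code, never from the message.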
CVE-2025-47275 was publicly disclosed on 2025-05-16. Its CVSS score of 9.1 (Critical) rates the severity of a successful attack, not how likely one is; the EPSS figure on this page, 0.08% (24th percentile), currently puts the probability of observed exploitation low. No public proof-of-concept code had been released at the time of writing, and the vulnerability is not listed in the CISA KEV catalog. Given the severity of the outcome, a PoC appearing later is plausible, so treat its absence as temporary.
Applications built on Symfony, Laravel, or WordPress that integrate with Auth0 through the Auth0-PHP SDK, directly or via Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress, and keep sessions in CookieStore are the population at risk. The exposure is per application: each application's session cookies are protected by its own configured cookie secret, so sharing a PHP installation on one host does not by itself widen the blast radius, but every application on that host that meets the conditions above must be patched separately.
• php / server: locate vendored copies of the SDK and list the files in each that mention CookieStore (grep needs -r here, because xargs hands it directory names):
find /var/www/html -name 'auth0-php' -type d -print0 | xargs -0 grep -ril 'CookieStore'
This matches the SDK's own CookieStore class in every install; to learn whether an application actually uses it, check the sessionStorage setting in its Auth0 SDK configuration. The installed version is the decisive indicator either way.
• php / server: the PHP-FPM journal only mentions the SDK if the application logs it, so this is a low-confidence check:
journalctl -u php-fpm | grep -i "Auth0-PHP"
• generic web: use a web proxy or browser extension to confirm that the application sets an SDK session cookie. The cookie value is opaque; whether its authentication tag can be brute-forced depends on how the server verifies it, not on anything visible in the cookie, so this only tells you which hosts to check, not whether they are patched.
• generic web: review application logs for bursts of requests from one client that present rejected or malformed session cookies, which is the trace an online tag brute force leaves.
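Since none of the commands above distinguishes a patched install from an unpatched one, here is an added example (not from this page or the Auth0 project) that reads composer.lock, reports the locked auth0/auth0-php version against the 8.14.0 fix, and names which of the downstream Auth0 packages pull it in. The lock-file content embedded below is a constructed sample; `composer show auth0/auth0-php` in the application root reports the same version from the live install.

```php
<?php
declare(strict_types=1);

// Added example, not from the page or the Auth0 project. Reads a composer.lock,
// compares the locked auth0/auth0-php version with the 8.14.0 fix, and lists
// the downstream Auth0 packages present. The lock content at the bottom is a
// constructed sample; read a real file with file_get_contents() in practice.

const FIXED_IN   = '8.14.0';
const DOWNSTREAM = ['auth0/symfony', 'auth0/laravel-auth0', 'auth0/wordpress'];

/** @return array<string,string> package name => normalized version */
function lockedPackages(string $lockJson): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $out  = [];
    foreach (array_merge($lock['packages'] ?? [], $lock['packages-dev'] ?? []) as $pkg) {
        // Composer may lock "v8.9.3"; strip the prefix so version_compare sees digits.
        $out[strtolower((string) $pkg['name'])] = strtolower(ltrim((string) $pkg['version'], 'v'));
    }
    return $out;
}

/** @param array<string,string> $packages */
function assessAuth0Php(array $packages): array
{
    $v = $packages['auth0/auth0-php'] ?? null;
    if ($v === null) {
        return ['installed' => false, 'version' => null, 'vulnerable' => false, 'via' => []];
    }
    return [
        'installed'  => true,
        'version'    => $v,
        // version_compare orders beta/rc builds below the final release, so a
        // locked 8.14.0-beta1 is still reported as below 8.14.0.
        'vulnerable' => version_compare($v, FIXED_IN, '<'),
        'via'        => array_values(array_intersect(DOWNSTREAM, array_keys($packages))),
    ];
}

// Constructed sample lock file, not a real project.
$sampleLock = <<<'JSON'
{
    "packages": [
        {"name": "auth0/auth0-php", "version": "v8.9.3"},
        {"name": "auth0/laravel-auth0", "version": "7.13.0"},
        {"name": "psr/http-message", "version": "2.0"}
    ],
    "packages-dev": []
}
JSON;

$report = assessAuth0Php(lockedPackages($sampleLock));
if (!$report['installed']) {
    echo "auth0/auth0-php is not in the lock file\n";
} else {
    printf(
        "auth0/auth0-php %s: %s%s\n",
        $report['version'],
        $report['vulnerable'] ? 'below ' . FIXED_IN . ', upgrade' : 'includes the fix',
        $report['via'] ? ' (pulled in by ' . implode(', ', $report['via']) . ')' : ''
    );
}
```

Run it against each application's composer.lock rather than a shared vendor directory: the lock file is what the next `composer install` will reproduce, so a version that is current on disk but stale in the lock file will be reintroduced on the next deploy.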
Disclosure
Exploit status
EPSS
0.08% (24th percentile)
CISA SSVC
CVSS vector
The fix for CVE-2025-47275 is to upgrade the Auth0-PHP SDK to 8.14.0 or later (for the framework integrations, whichever Auth0/symfony, Auth0/laravel-auth0 or Auth0/wordpress release pulls that version in). If an immediate upgrade is blocked by compatibility work, the interim options are limited: rate-limit or block clients that present repeated invalid session cookies, since an online tag brute force shows up as many rejected cookies from one source, and add application-side checks such as re-authentication before privileged actions. These slow an attacker down; they do not remove the weakness. Keep watching application logs for those rejection bursts. After upgrading, confirm the installed version, then verify that session cookies issued before the upgrade are rejected and users are asked to sign in again; since this page lists no public exploit, reproducing the bypass is not a practical acceptance test.
Update the Auth0-PHP library to version 8.14.0 or later. As an additional precaution, rotate the cookie encryption keys (the SDK's cookie secret). Note that after the update, earlier session cookies will be rejected.
CVE-2025-47275 is a critical vulnerability in the Auth0-PHP SDK (this page lists versions up to 8.9.3 as affected, with the fix in 8.14.0) that lets attackers brute-force the authentication tags of session cookies and gain unauthorized access.
You are affected if you run Auth0-PHP below the fixed 8.14.0 release (this page lists ≤8.9.3 as affected) with session storage configured to use CookieStore, including applications that get the SDK through Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress.
Upgrade Auth0-PHP SDK to version 8.14.0 or later. Consider temporary workarounds like rate limiting if an immediate upgrade is not possible.
No public exploits are known at the time of writing, but the severity of the outcome makes this a likely target once tooling appears.
Refer to the official Auth0 security advisory for detailed information and updates: [https://auth0.com/docs/security/security-advisories/auth0-php-sdk-authentication-bypass]