{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T16:11:24.820","vulnerabilities":[{"cve":{"id":"CVE-2025-23017","sourceIdentifier":"cve@mitre.org","published":"2025-02-24T15:15:13.393","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred."},{"lang":"es","value":"WorkOS Hosted AuthKit anterior al 7 de enero de 2025 permite omitir la MFA en la autenticación con contraseña (mediante el registro de un nuevo factor de autenticación) cuando el atacante conoce la contraseña del usuario. No se produjo ninguna explotación."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.7}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-305"}]}],"references":[{"url":"https://workos.com/security/advisories","source":"cve@mitre.org"},{"url":"https://www.authkit.com","source":"cve@mitre.org"}]}}]}