{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T14:26:07.737","vulnerabilities":[{"cve":{"id":"CVE-2025-48951","sourceIdentifier":"security-advisories@github.com","published":"2025-06-03T21:15:21.840","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data. Applications using the Auth0-PHP SDK are affected, as are applications using the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs, because those SDKs rely on the Auth0-PHP SDK versions from 8.0.0-BETA3 until 8.14.0. Version 8.3.1 contains a patch for the issue."},{"lang":"es","value":"Auth0-PHP es un SDK de PHP para las API de autenticación y administración de Auth0. Las versiones 8.0.0-BETA3 anteriores a la 8.14.0 contienen una vulnerabilidad debido a la deserialización insegura de los datos de las cookies. Si se explota, dado que los SDK procesan el contenido de las cookies sin autenticación previa, un atacante podría enviar una cookie especialmente diseñada con datos serializados maliciosos. Las aplicaciones que utilizan el SDK de Auth0-PHP se ven afectadas, al igual que las aplicaciones que utilizan los SDK de Auth0/Symfony, Auth0/Laravel-auth0 o Auth0/WordPress, ya que estos SDK dependen de las versiones 8.0.0-BETA3 a 8.14.0 del SDK de Auth0-PHP. 
La versión 8.3.1 incluye un parche para este problema.\n"}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://github.com/auth0/auth0-PHP/commit/04b1f5daa8bdfebc5e740ec5ca0fb2df1648a715","source":"security-advisories@github.com"},{"url":"https://github.com/auth0/auth0-PHP/security/advisories/GHSA-v9m8-9xxp-q492","source":"security-advisories@github.com"},{"url":"https://github.com/auth0/laravel-auth0
/security/advisories/GHSA-c42h-56wx-h85q","source":"security-advisories@github.com"},{"url":"https://github.com/auth0/symfony/security/advisories/GHSA-98j6-67v3-mw34","source":"security-advisories@github.com"},{"url":"https://github.com/auth0/wordpress/security/advisories/GHSA-862m-5253-832r","source":"security-advisories@github.com"}]}}]}