CVE-2025-25207
MEDIUMAuthorino - Denial of Service via Post-Authorization Callback Flood
Title source: llmDescription
The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.
References (2)
Core 2
Core References
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2025-25207
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2347421
Scores
CVSS v3
5.7
EPSS
0.0003
EPSS Percentile
8.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (2)
kuadrant/authorino
0Go
Red Hat/Red Hat Connectivity Link 1
Published
Jun 09, 2025
Tracked Since
Feb 18, 2026