CVE-2025-67490

MEDIUM

nextjs-auth0 4.11.0-4.11.2 and 4.12.0 - Incorrect Authorization via TokenRequestCache Lookup

Title source: llm
STIX 2.1

Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Scores

CVSS v3 5.4
EPSS 0.0017
EPSS Percentile 6.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (4)
auth0/nextjs-auth0 4.11.0
auth0/nextjs-auth0 4.11.1
auth0/nextjs-auth0 4.12.0
auth0/nextjs-auth0 4.11.0 - 4.11.2npm
Published Dec 10, 2025
Tracked Since Feb 18, 2026