CVE-2025-53548

@clerk/backend Performs Insufficient Verification of Data Authenticity

CVSS 7.5 HIGH · EPSS 0.2% · CWE-345
Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
clerk · javascript
