← back
CVE-2025-67490

Auth0 Next.js SDK has Improper Request Caching Lookup

CVSS 5.4 MEDIUMEPSS 0.2%CWE-863
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Affected products
auth0 · nextjs-auth0

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/auth0/nextjs-auth0/commit/26cc8a7c60f4b134700912736f991a25bd6bbf0bhttps://github.com/auth0/nextjs-auth0/security/advisories/GHSA-wcgj-f865-c7j7