CVE-2025-27370

CVSS v3 Score: 6.9 (Medium)

Vulnerability Description

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including token endpoints or issuer identifiers of other Authorization Servers. The malicious Authorization Server could then use these private key JWTs to impersonate the Client.
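As an added illustration (not code from the CVE record, the OpenID Connect specification or any implementation), the Python sketch below shows the two guards the description implies: the Client pins the `aud` of its private_key_jwt assertion to the issuer identifier it was configured with and refuses discovery metadata whose `token_endpoint` is not served by that issuer, and the Authorization Server accepts only assertions addressed to itself. The issuer URLs, client id and metadata documents are constructed for the example.

```python
import time
import uuid
from urllib.parse import urlsplit

# Constructed sample metadata: an honest AS and one whose token_endpoint
# points at a different Authorization Server (the audience-injection setup).
HONEST = {"issuer": "https://as.example", "token_endpoint": "https://as.example/token"}
MALICIOUS = {"issuer": "https://as.example", "token_endpoint": "https://victim-as.example/token"}

def same_origin(issuer: str, endpoint: str) -> bool:
    """True if endpoint is served from the issuer's https scheme, host and port."""
    i, e = urlsplit(issuer), urlsplit(endpoint)
    return i.scheme == "https" and (i.scheme, i.netloc) == (e.scheme, e.netloc)

def validate_metadata(expected_issuer: str, metadata: dict) -> str:
    """Vet discovery metadata before it can influence client authentication.
    Returns the token endpoint or raises ValueError."""
    if metadata.get("issuer") != expected_issuer:
        raise ValueError("issuer in discovery metadata does not match configuration")
    token_endpoint = metadata.get("token_endpoint", "")
    if not same_origin(expected_issuer, token_endpoint):
        raise ValueError("token_endpoint is not served by the issuer origin")
    return token_endpoint

def metadata_rejected(expected_issuer: str, metadata: dict) -> bool:
    try:
        validate_metadata(expected_issuer, metadata)
        return False
    except ValueError:
        return True

def client_assertion_claims(client_id: str, expected_issuer: str, metadata: dict) -> dict:
    """Claims for a private_key_jwt assertion (signing omitted). `aud` is the
    issuer identifier the Client trusts, never a value copied from metadata."""
    validate_metadata(expected_issuer, metadata)
    now = int(time.time())
    return {"iss": client_id, "sub": client_id, "aud": expected_issuer,
            "jti": str(uuid.uuid4()), "iat": now, "exp": now + 60}

def as_accepts_audience(claims: dict, own_issuer: str) -> bool:
    """AS side: accept only a single-valued aud naming this AS, so an assertion
    carrying another AS's identifier cannot be replayed here (policy assumed)."""
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    return auds == [own_issuer]
```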
