CVE-2025-27371

MEDIUM Year: 2025
CVSS v3 Score
6.9
Medium
Weakness Type
CWE-305
View all →

Vulnerability Description

In certain IETF OAuth 2.0-related specifications, when the JSON Web Token Profile for OAuth 2.0 Client Authentication mechanism is used, there are ambiguities in the audience values of JWTs sent to authorization servers. The affected RFCs may include RFC 7523, and also RFC 7521, RFC 7522, RFC 9101 (JAR), and RFC 9126 (PAR).

Related Vulnerabilities

CVE-2025-27370

MEDIUM
CVSS:6.9(Medium)

OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a ...

CWE-3052025

CVE-2024-12582

HIGH
CVSS:7.1(High)

A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud envi...

CWE-3052024

CVE-2024-20463

HIGH
CVSS:7.1(High)

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to modify the configuration or reboot an...

CWE-3052024

CVE-2024-38433

MEDIUM
CVSS:6.7(Medium)

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-...

CWE-3052024

CVE-2025-31192

MEDIUM
CVSS:6.7(Medium)

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

CWE-3052025

CVE-2022-4722

HIGH
CVSS:7.2(High)

Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.

CWE-3052022