How severe is CVE-2025-30168?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.9 out of 10.

What type of vulnerability is CVE-2025-30168?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2025-30168 - MEDIUM Severity | CVSS 6.9

Vulnerability Description

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 7.5.2 and 8.0.2, the 3rd party authentication handling of Parse Server allows the authentication credentials of some specific authentication providers to be used across multiple Parse Server apps. For example, if a user signed up using the same authentication provider in two unrelated Parse Server apps, the credentials stored by one app can be used to authenticate the same user in the other app. Note that this only affects Parse Server apps that specifically use an affected 3rd party authentication provider for user authentication, for example by setting the Parse Server option auth to configure a Parse Server authentication adapter. The fix of this vulnerability requires to upgrade Parse Server to a version that includes the bug fix, as well as upgrade the client app to send a secure payload, which is different from the previous insecure payload. This vulnerability is fixed in 7.5.2 and 8.0.2.

Related Vulnerabilities

CVE-2018-17923

MEDIUM

CVSS:6.9(Medium)

SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.

CWE-2872018

CVE-2020-7323

MEDIUM

CVSS:6.9(Medium)

Authentication Protection Bypass vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2020 Update allows physical local users to bypass the Windows lock screen via tri...

CWE-2872020

CVE-2024-55886

MEDIUM

CVSS:6.9(Medium)

OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data ...

CWE-2872024

CVE-2017-3765

HIGH

CVSS:7.0(High)

In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in...

CWE-2872017

CVE-2018-0886

HIGH

CVSS:7.0(High)

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1...

CWE-2872018

CVE-2018-13435

HIGH

CVSS:7.0(High)

An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode...

CWE-2872018