How severe is CVE-2025-31123?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.7 out of 10.

What type of vulnerability is CVE-2025-31123?

This is classified as CWE-324, which is a common weakness in software security.

CVE-2025-31123

HIGH Year: 2025

CVSS v3 Score

8.7

High

Weakness Type

CWE-324

View all →

Vulnerability Description

Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens. This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9.

CVE-2022-24732

HIGH

CVSS:8.8(High)

Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are ...

CWE-3242022

CVE-2022-35401

CRITICAL

CVSS:9.0(Critical)

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative acc...

CWE-3242022

CVE-2025-2291

HIGH

CVSS:8.1(High)

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CWE-3242025

CVE-2024-36031

CRITICAL

CVSS:9.8(Critical)

In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation,...

CWE-3242024

CVE-2021-33020

HIGH

CVSS:7.5(High)

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attac...

CWE-3242021