CVE-2025-58769: auth0-PHP: Improper File Type Handling in Bulk User Import

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-58769

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

auth0-PHP: Improper File Type Handling in Bulk User Import

Source: NVD (National Vulnerability Database)

Vulnerability Description

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. The vulnerability affects any application that either directly uses the Auth0-PHP SDK (versions 3.3.0–8.16.0) or indirectly relies on those versions through the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs. This issue is fixed in version 8.17.0.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Auth0-PHP 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Auth0-PHP是Auth0开源的一个用于Auth0身份验证和管理API的PHP SDK。 Auth0-PHP 3.3.0版本至8.16.0版本存在安全漏洞，该漏洞源于未验证文件路径包装器或值，可能导致接受任意文件路径或URL。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
auth0	laravel-auth0	>= 3.3.0, < 8.17.0	-

II. Public POCs for CVE-2025-58769

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-58769

Please Login to view more intelligence information

https://github.com/auth0/auth0-PHP/releases/tag/8.17.0x_refsource_MISC
https://github.com/auth0/symfony/security/advisories/GHSA-7jp2-5h22-m432x_refsource_MISC
https://github.com/auth0/auth0-PHP/security/advisories/GHSA-9mh6-g99m-ppcwx_refsource_MISC
https://github.com/auth0/wordpress/security/advisories/GHSA-w22c-pw5m-482xx_refsource_MISC
https://github.com/auth0/laravel-auth0/security/advisories/GHSA-hjfh-5jmm-xr24x_refsource_CONFIRM
https://github.com/auth0/auth0-PHP/commit/9026da58f5c381cd4cb5932de829eff6eacbb65cx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2025-58769

IV. Related Vulnerabilities

Same vendor: auth0

Same weakness: CWE-22

V. Comments for CVE-2025-58769

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-58769

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-58769

III. Intelligence Information for CVE-2025-58769

IV. Related Vulnerabilities

V. Comments for CVE-2025-58769

Leave a comment