CVE-2025-68129: Auth0-PHP SDK has Improper Audience Validation

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-68129

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Auth0-PHP SDK has Improper Audience Validation

Source: NVD (National Vulnerability Database)

Vulnerability Description

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if they use Auth0-PHP SDK versions between v8.0.0 and v8.17.0, or applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0: Auth0/symfony versions between 5.0.0 and 5.5.0, Auth0/laravel-auth0 versions between 7.0.0 and 7.19.0, and/or Auth0/wordpress plugin versions between 5.0.0-BETA0 and 5.4.0. Auth0/Auth0-PHP version 8.18.0 contains a patch for the issue.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

授权机制不正确

Source: NVD (National Vulnerability Database)

Vulnerability Title

Auth0-PHP 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Auth0-PHP是Auth0开源的一个用于Auth0身份验证和管理API的PHP SDK。 Auth0-PHP 8.0.0版本至8.17.0版本存在安全漏洞，该漏洞源于访问令牌中的受众验证不当，可能导致接受ID令牌作为访问令牌。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
auth0	auth0-PHP	>= 8.0.0, < 8.18.0	-

II. Public POCs for CVE-2025-68129

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-68129

Please Login to view more intelligence information

https://github.com/auth0/symfony/releases/tag/5.6.0x_refsource_MISC
https://github.com/auth0/wordpress/releases/tag/5.5.0x_refsource_MISC
https://github.com/auth0/auth0-PHP/releases/tag/8.18.0x_refsource_MISC
https://github.com/auth0/laravel-auth0/releases/tag/7.20.0x_refsource_MISC
https://github.com/auth0/symfony/security/advisories/GHSA-f3r2-88mq-9v4gx_refsource_MISC
https://github.com/auth0/auth0-PHP/security/advisories/GHSA-j2vm-wrq3-f7gfx_refsource_CONFIRM
https://github.com/auth0/wordpress/security/advisories/GHSA-vvg7-8rmq-92g7x_refsource_MISC
https://github.com/auth0/laravel-auth0/security/advisories/GHSA-7hh9-gp72-wh7hx_refsource_MISC
https://github.com/auth0/symfony/commit/0103d6f8dcef6996653fad1f823d1c167f472479x_refsource_MISC
https://github.com/auth0/auth0-PHP/commit/7fe700053aee609718460c123f00f53c511f0f7fx_refsource_MISC
https://github.com/auth0/wordpress/commit/b207c6f7fd06507b90c4e6bcc18a857ef9e018dex_refsource_MISC
https://github.com/auth0/laravel-auth0/commit/a1c3344dc0e5a36e8f56c8cfc535728d3d7558f3x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2025-68129

IV. Related Vulnerabilities

Same product: auth0-PHP

Same vendor: auth0

Same weakness: CWE-863

V. Comments for CVE-2025-68129

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-68129

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-68129

III. Intelligence Information for CVE-2025-68129

IV. Related Vulnerabilities

V. Comments for CVE-2025-68129

Leave a comment