CVE-2025-67490

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-67490
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67490.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-67490
Aliases
Published
2025-12-10T22:16:08.262Z
Modified
2025-12-11T19:39:35.846565Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
Summary
Auth0 Next.js SDK has Improper Request Caching Lookup
Details

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Database specific 
{
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67490.json"
}
References

Affected packages

Git / github.com/auth0/nextjs-auth0

Affected ranges

Type
GIT
Repo
https://github.com/auth0/nextjs-auth0
Events
Introduced
b44aa978deacd51fed1c68d8e44c4070d55cc7f7
Fixed
76224df4c1c670d6e7e59c20c2cbba5ddce196ff
Database specific 
{
    "versions": [
        {
            "introduced": "4.12.0"
        },
        {
            "fixed": "4.12.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/auth0/nextjs-auth0
Events
Introduced
76e635d92a5e045c603ca489baaa510f5705c8b9
Fixed
3190cc38b63dacacbd211e60d09fc9bb4bea16ea
Database specific 
{
    "versions": [
        {
            "introduced": "4.11.0"
        },
        {
            "fixed": "4.11.2"
        }
    ]
}

Affected versions

v4.*

v4.11.0
v4.11.1
v4.12.0