VYPR
Medium severity6.0NVD Advisory· Published Feb 24, 2025· Updated Apr 15, 2026

CVE-2025-23017

CVE-2025-23017

Description

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.