Moderate severity · NVD Advisory · Published Dec 15, 2025 · Updated Dec 15, 2025
CVE-2025-65430
Description
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed: the access/refresh tokens are now rejected.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| django-allauth (PyPI) | < 65.13.0 | 65.13.0 |
Affected products
- ghsa-coords: 2 versions
  - (no CPE) range: < 65.13.0
  - (no CPE) range: < 65.16.1-2.1
References
- github.com/advisories/GHSA-qhmc-3mvr-f2j4 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-65430 (ghsa, ADVISORY)
- allauth.org/news/2025/10/django-allauth-65.13.0-released (ghsa, WEB)
- github.com/pennersr/django-allauth/commit/39f4a4ce9c891795b00914ca5ec32de72d5369c0 (ghsa, WEB)
- github.com/pennersr/django-allauth/commit/c54edf947c5a1c8c4ff3cddb75c86000ecb2507d (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/django-allauth/PYSEC-2025-110.yaml (ghsa, WEB)
- allauth.org/news/2025/10/django-allauth-65.13.0-released/ (mitre)