Moderate severity · NVD Advisory · Published Dec 15, 2025 · Updated Dec 16, 2025
CVE-2025-65431
Description
An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.
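As an added example (not code from django-allauth or from the advisory), the account lookup below contrasts keying a linked provider account on the mutable preferred_username claim with keying it on the stable OIDC sub claim; the claim sets and the link table are constructed.

```python
from typing import Callable, Dict, Optional, Tuple

# Added example: why keying a third-party account on a mutable claim
# such as preferred_username is unsafe, and what switching to `sub`
# changes. This is not django-allauth's own code.


def vulnerable_uid(claims: Dict[str, str]) -> str:
    """Pre-65.13.0 behaviour the advisory describes: the provider account
    is identified by preferred_username, which the IdP may change or reuse."""
    return claims["preferred_username"]


def fixed_uid(claims: Dict[str, str]) -> str:
    """Fixed behaviour: use `sub`, the subject identifier OpenID Connect
    defines as stable and never reassigned within an issuer."""
    return claims["sub"]


def resolve_local_user(
    link_table: Dict[str, str],
    claims: Dict[str, str],
    extract_uid: Callable[[Dict[str, str]], str],
) -> Optional[str]:
    """Map an IdP login to the local user linked to that provider identity.
    link_table maps provider uid -> local username (constructed data)."""
    return link_table.get(extract_uid(claims))


# Constructed scenario: alice linked her IdP account while her username was
# "alice". Later the IdP renames her to "alice.smith" and hands "alice" to a
# new employee. Her `sub` never changes; the new employee gets a fresh one.
ALICE_AT_LINK_TIME = {"sub": "00u1abc", "preferred_username": "alice"}
ALICE_NOW = {"sub": "00u1abc", "preferred_username": "alice.smith"}
NEW_HIRE = {"sub": "00u9xyz", "preferred_username": "alice"}


def demo(extract_uid: Callable[[Dict[str, str]], str]) -> Tuple[Optional[str], Optional[str]]:
    """Return (who alice's later login resolves to, who the new hire resolves to)."""
    links = {extract_uid(ALICE_AT_LINK_TIME): "alice_local"}
    return (
        resolve_local_user(links, ALICE_NOW, extract_uid),
        resolve_local_user(links, NEW_HIRE, extract_uid),
    )


if __name__ == "__main__":
    # Mutable key: alice loses her link and the new hire inherits it.
    print("preferred_username:", demo(vulnerable_uid))  # (None, 'alice_local')
    # Stable key: alice keeps her link; the new hire is unlinked.
    print("sub:", demo(fixed_uid))  # ('alice_local', None)
```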
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| django-allauth (PyPI) | < 65.13.0 | 65.13.0 |
Affected products
- (no CPE), range: < 65.13.0
- (no CPE), range: < 65.16.1-2.1
References
- github.com/advisories/GHSA-8m3c-c723-h4p4 (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-65431 (GHSA, advisory)
- allauth.org/news/2025/10/django-allauth-65.13.0-released (GHSA, web)
- github.com/pennersr/django-allauth/commit/8feef46e0e07b25fc5594c8f268afa247ebc3412 (GHSA, web)
- github.com/pypa/advisory-database/tree/main/vulns/django-allauth/PYSEC-2025-111.yaml (GHSA, web)
- allauth.org/news/2025/10/django-allauth-65.13.0-released/ (MITRE)