OpenID Connect Core

CVEs (1)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-27370	OpenID Foundation OpenID Connect Core	Med	0.45	6.9	0.00		Mar 3, 2025	OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including…

CVE-2025-27370MedMar 3, 2025
OpenID Foundation
OpenID Connect Core
risk 0.45cvss 6.9epss 0.00
OpenID Connect Core through 1.0 errata set 2 allows audience injection in certain situations. When the private_key_jwt authentication mechanism is used, a malicious Authorization Server could trick a Client into writing attacker-controlled values into the audience, including…