Description

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths or URLs. The vulnerability affects any application that either directly uses the Auth0-PHP SDK (versions 3.3.0–8.16.0) or indirectly relies on those versions through the Auth0/symfony, Auth0/laravel-auth0, or Auth0/wordpress SDKs. This issue is fixed in version 8.17.0.

INFO

Published Date :

2025-10-01T19:57:05.692Z

Last Modified :

2025-10-01T20:09:45.900Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58769 vulnerability.

Vendors Products
Auth0
  • Auth0
Laravel
  • Laravel
Symfony
  • Symfony
Wordpress
  • Wordpress
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58769.

URL Resource
https://github.com/auth0/auth0-PHP/commit/9026da58f5c381cd4cb5932de829eff6eacbb65c cve-icon cve-icon
https://github.com/auth0/auth0-PHP/releases/tag/8.17.0 cve-icon cve-icon
https://github.com/auth0/auth0-PHP/security/advisories/GHSA-9mh6-g99m-ppcw cve-icon cve-icon
https://github.com/auth0/laravel-auth0/security/advisories/GHSA-hjfh-5jmm-xr24 cve-icon cve-icon
https://github.com/auth0/symfony/security/advisories/GHSA-7jp2-5h22-m432 cve-icon cve-icon
https://github.com/auth0/wordpress/security/advisories/GHSA-w22c-pw5m-482x cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact