Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

INFO

Published Date :

2025-10-09T20:57:20.734Z

Last Modified :

2025-10-09T20:57:20.734Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61783 vulnerability.

Vendors Products
Python-social-auth
  • Social-app-django
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61783.

URL Resource
https://github.com/python-social-auth/social-app-django/commit/10c80e2ebabeccd4e9c84ad0e16e1db74148ed4c cve-icon cve-icon cve-icon
https://github.com/python-social-auth/social-app-django/issues/220 cve-icon cve-icon cve-icon
https://github.com/python-social-auth/social-app-django/issues/231 cve-icon cve-icon cve-icon
https://github.com/python-social-auth/social-app-django/issues/634 cve-icon cve-icon cve-icon
https://github.com/python-social-auth/social-app-django/pull/803 cve-icon cve-icon cve-icon
https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability