CVE-2025-61783

Published 09/10/2025 21:15 · Modified 09/10/2025 21:15

Labels: CVE-2025-61783, 2025-10-09, CWE-303

Essential information

CVSS: 6.3 MEDIUM (v3), 6.3 MEDIUM (v4.0)
CISA KEV: No
Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

NVD status

Status: Received (CVE has been recently published to the CVE List and has been received by the NVD).

Affected products (CPE)

Product: python social auth / python social auth
CPE: cpe:2.3:a:python_social_auth:python_social_auth:<5.6.0:*:*:*:*:*:*:*

References