ByteOS Network

NVD Vulnerability Details :

CVE-2025-46344

Awaiting Analysis

Source-security-advisories@github.com

Published At-29 Apr, 2025 | 21:15

Updated At-02 May, 2025 | 13:53

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke `.setExpirationTime` when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While the session cookie may expire or be cleared, the JWE remains valid. This issue has been patched in version 4.5.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	4.9	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses

CWE ID	Type	Source
CWE-613	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/auth0/nextjs-auth0/commit/a4f061aed02ffa132feca8adfbd11704df17e1c3	security-advisories@github.com	N/A
https://github.com/auth0/nextjs-auth0/releases/tag/v4.5.1	security-advisories@github.com	N/A
https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-pjr6-jx7r-j4r6	security-advisories@github.com	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History