Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-9803
Analyzed
More InfoOfficial Page
Source-security@huntr.dev
View Known Exploited Vulnerability (KEV) details
Published At-25 Nov, 2025 | 01:15
Updated At-30 Dec, 2025 | 17:16

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' (audience) field in the access token issued by Google, which is crucial for ensuring the token is intended for the application. This oversight allows attackers to use tokens issued to malicious applications to gain unauthorized access to user accounts. The issue is resolved in version 1.9.35.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary3.09.3CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CPE Matches
Lunary LLC
lunary
>>lunary>>1.9.34
cpe:2.3:a:lunary:lunary:1.9.34:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-287Secondarysecurity@huntr.dev
CWE-863Primarynvd@nist.gov
CWE ID: CWE-287
Type: Secondary
Source: security@huntr.dev
CWE ID: CWE-863
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/lunary-ai/lunary/commit/95a2cc8e012bf5f089edbfa072ba66dcb7e10d91security@huntr.dev
Broken Link
https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6security@huntr.dev
Exploit
Third Party Advisory
https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Third Party Advisory
Hyperlink: https://github.com/lunary-ai/lunary/commit/95a2cc8e012bf5f089edbfa072ba66dcb7e10d91
Source: security@huntr.dev
Resource:
Broken Link
Hyperlink: https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6
Source: security@huntr.dev
Resource:
Exploit
Third Party Advisory
Hyperlink: https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Third Party Advisory
Change History
0Changes found
Details not found