CVE-2025-0672
Published 2025-09-23
Priority: P4 · Severity: Low · CVSS 3.1 base score: 3.8
CVSS vector: AV:N / AC:L / PR:H / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.20% (10.4th percentile)
An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later created using the same username, the system may associate the new account with the previously registered FIDO device.
This flaw may allow a previously deleted user to authenticate using their FIDO credentials and impersonate the newly created user, resulting in unauthorized access. The vulnerability applies only to deployments that utilize FIDO-based authentication.
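The description above boils down to a data-lifecycle defect: FIDO registrations survive the deletion of the account that owns them, and a later account with the same username inherits them. The following added example (not WSO2 code; constructed for illustration) models that lifecycle in a toy relying party. It assumes an HMAC-based stand-in for the authenticator's signing key, which keeps the demo self-contained; real FIDO uses asymmetric keys, but the lookup logic, which is where the flaw lives, is the same. The vulnerable model keys registrations by username and does nothing on delete; the hardened model keys them by an immutable account id and cascades the delete. An audit helper shows how a defender could enumerate orphaned registrations left behind by the vulnerable behaviour.

```python
# Added example, not from WSO2 or the advisory: models the FIDO registration
# lifecycle flaw described for CVE-2025-0672 and a hardened alternative.
import os
import hmac
import hashlib
import secrets


class Authenticator:
    """Constructed stand-in for a FIDO authenticator. A per-credential secret
    and HMAC replace the real asymmetric key pair so the demo runs offline."""

    def __init__(self):
        self.credential_id = secrets.token_hex(8)
        self._secret = secrets.token_bytes(32)

    def public_key(self):
        # What the relying party would store at registration time.
        return self._secret

    def sign(self, challenge):
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


def verify(public_key, challenge, assertion):
    expected = hmac.new(public_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion)


class VulnerableRP:
    """Registrations keyed by username; deleting a user leaves them behind."""

    def __init__(self):
        self.users = {}   # username -> account record
        self.fido = {}    # username -> {credential_id: public_key}

    def create_user(self, username):
        self.users[username] = {"id": secrets.token_hex(8)}

    def delete_user(self, username):
        del self.users[username]   # FIDO registration data is NOT removed

    def register(self, username, auth):
        self.fido.setdefault(username, {})[auth.credential_id] = auth.public_key()

    def authenticate(self, username, auth):
        if username not in self.users:
            return False
        challenge = os.urandom(32)
        pk = self.fido.get(username, {}).get(auth.credential_id)
        return pk is not None and verify(pk, challenge, auth.sign(challenge))

    def live_keys(self):
        return set(self.users)


class HardenedRP:
    """Registrations keyed by an immutable account id; deletion cascades."""

    def __init__(self):
        self.users = {}   # username -> account id
        self.fido = {}    # account id -> {credential_id: public_key}

    def create_user(self, username):
        self.users[username] = secrets.token_hex(8)

    def delete_user(self, username):
        uid = self.users.pop(username)
        self.fido.pop(uid, None)   # cascade: registrations die with the account

    def register(self, username, auth):
        uid = self.users[username]
        self.fido.setdefault(uid, {})[auth.credential_id] = auth.public_key()

    def authenticate(self, username, auth):
        uid = self.users.get(username)
        if uid is None:
            return False
        challenge = os.urandom(32)
        pk = self.fido.get(uid, {}).get(auth.credential_id)
        return pk is not None and verify(pk, challenge, auth.sign(challenge))

    def live_keys(self):
        return set(self.users.values())


def orphaned_registrations(rp):
    """Audit helper: registration keys that no longer map to a live account."""
    live = rp.live_keys()
    return sorted(key for key in rp.fido if key not in live)


def reuse_scenario(rp_cls):
    """Register, delete, recreate the same username, then present the OLD
    authenticator. True means the orphaned credential was accepted."""
    rp = rp_cls()
    old_auth = Authenticator()
    rp.create_user("alice")
    rp.register("alice", old_auth)
    assert rp.authenticate("alice", old_auth)   # legitimate login works
    rp.delete_user("alice")
    rp.create_user("alice")                     # unrelated account, same name
    return rp.authenticate("alice", old_auth)


def orphans_after_delete(rp_cls):
    """What an audit would find right after a deletion, before any reuse."""
    rp = rp_cls()
    rp.create_user("bob")
    rp.register("bob", Authenticator())
    rp.delete_user("bob")
    return orphaned_registrations(rp)


if __name__ == "__main__":
    print("vulnerable model accepts old credential:", reuse_scenario(VulnerableRP))
    print("hardened model accepts old credential:", reuse_scenario(HardenedRP))
    print("orphans (vulnerable):", orphans_after_delete(VulnerableRP))
    print("orphans (hardened):", orphans_after_delete(HardenedRP))
```

The hardened model fixes two things at once: registrations are bound to an identifier that a recreated account can never reuse, and the delete path removes them anyway. Either alone closes the reuse path; doing both means a missed cleanup cannot silently reopen it. The `orphaned_registrations` check is the kind of query an operator can run against an existing deployment to find registration rows whose owner no longer exists, which is also a useful post-patch verification.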
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server_as_key_manager | — | — |
| wso2 | open_banking_iam | — | — |
| wso2 | wso2_identity_server | >= 5.10.0 < 5.10.0.345 | 5.10.0.345 |
| wso2 | wso2_identity_server | >= 5.11.0 < 5.11.0.394 | 5.11.0.394 |
| wso2 | wso2_identity_server_as_key_manager | >= 5.10.0 < 5.10.0.338 | 5.10.0.338 |
| wso2 | wso2_open_banking_iam | >= 2.0.0 < 2.0.0.389 | 2.0.0.389 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 3.8 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |
| osv | — | 5.7 | MEDIUM | — |
OSV
CVE-2025-12084: python2.7 vulnerabilities (osv · 2026-03-19 · CVSS 5.7)
USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7.
Original advisory details:
Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and python3.14 packages. (CVE-2025-11468)
Jacob Walls, Shai Berger, and Natalia Bidart discovered that Python inefficiently parsed XML input with quadratic complexity. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-12084)
It was discovered that Python incorrectly pars
GHSA
GHSA-gf54-37hh-j4g4 (ghsa_unreviewed · 2025-09-23): CVE-2025-0672 [LOW] CWE-287: An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.