CVE-2025-65431 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts.…
Medium CVSS: 5.4

CVE-2025-65431

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.
Vendor
Allauth
Product
Allauth
CWE
CWE-287
Yayın Tarihi
2025-12-15 14:15:57
Güncelleme
2025-12-23 18:08:38
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-287 Allauth MEDIUM Allauth 2025

Referanslar

https://allauth.org/news/2025/10/django-allauth-65.13.0-released/