Close Menu
    Subscribe
    Alerts

    CVE-2025-10470 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger.

    PUBLISHED Reserved 2025-09-15 | Published 2026-05-11 | Updated 2026-05-11 | Assigner WSO2

    HIGH: 8.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

    Problem types

    CWE-400: Uncontrolled Resource Consumption

    Product status

    Default status
    unaffected

    7.0.0 (custom) before 7.0.0.121
    affected

    Default status
    unknown

    1.1.22 (custom) before 1.1.22.3
    affected

    1.1.31 (custom)
    unaffected

    References

    security.docs.wso2.com/…ty-advisories/2026/WSO2-2025-4469/ vendor-advisory

    cve.org (CVE-2025-10470)

    nvd.nist.gov (CVE-2025-10470)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.