Information disclosure in Openidc Mod_auth_openidc

CVE-2025-31492

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in mod_auth_openidc results in discl…

Vulnerability class: Information Disclosure

EPSS: 0.005 (41.4th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-31492?
CVE-2025-31492 is a vulnerability in Openidc Mod_auth_openidc, classified under Information Disclosure. Published 2025-04-06.

Is CVE-2025-31492 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.