Vulnerability in Auth0 Nextjs-auth0
CVE-2025-48947
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Cont…
EPSS: 0.003 (51.8th percentile) — read the EPSS interpretation.
Affected products
- Auth0 Nextjs-auth0 — versions >= 4.0.1, < 4.6.1
Weakness classification (CWE)
References
- https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-f3fg-mf2q-fj3f (x_refsource_CONFIRM)