Vulnerability in Wasp-lang Wasp

CVE-2025-49006

Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a spec…

EPSS: 0.004 (30.6th percentile).

Frequently asked questions

What is CVE-2025-49006?
CVE-2025-49006 is a vulnerability in Wasp-lang Wasp, classified under Incorrect Default Permissions. Published 2025-06-09.
Is CVE-2025-49006 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.