Vulnerability in Getsentry Sentry

CVE-2025-53099

Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of auth…

EPSS: 0.003 (55.2th percentile) — read the EPSS interpretation.

Affected products

Getsentry Sentry — versions < 25.5.0

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

https://github.com/getsentry/sentry/security/advisories/GHSA-mgh8-h4xc-pfmj (x_refsource_CONFIRM)
https://github.com/getsentry/sentry/pull/85570 (x_refsource_MISC)
https://github.com/getsentry/sentry/pull/85571 (x_refsource_MISC)
https://github.com/getsentry/sentry/pull/86069 (x_refsource_MISC)
https://github.com/getsentry/sentry/pull/86532 (x_refsource_MISC)
https://github.com/getsentry/sentry/commit/57f0129e1e977b76fe8d16667a586578791a3dcd (x_refsource_MISC)
https://github.com/getsentry/sentry/commit/ab5fd932ca6bd46529ba3308b4669e3cee719b8f (x_refsource_MISC)
https://github.com/getsentry/sentry/commit/e6241254aead969e6c8490a81cde9a01335df19d (x_refsource_MISC)