What is CVE-2025-61783?

CVE-2025-61783 is a vulnerability in Python-social-auth Social-app-django, classified under Incorrect Implementation of Authentication Algorithm. Published 2025-10-09.

Is CVE-2025-61783 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Python-social-auth Social-app-django

CVE-2025-61783

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to ac…

EPSS: 0.001 (23.8th percentile) — read the EPSS interpretation.

Affected products

Python-social-auth Social-app-django — versions < 5.6.0

Weakness classification (CWE)

CWE-303 — Incorrect Implementation of Authentication Algorithm

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg (x_refsource_CONFIRM)
https://github.com/python-social-auth/social-app-django/issues/220 (x_refsource_MISC)
https://github.com/python-social-auth/social-app-django/issues/231 (x_refsource_MISC)
https://github.com/python-social-auth/social-app-django/issues/634 (x_refsource_MISC)
https://github.com/python-social-auth/social-app-django/pull/803 (x_refsource_MISC)
https://github.com/python-social-auth/social-app-django/commit/10c80e2ebabeccd4e9c84ad0e16e1db74148ed4c (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-61783?: CVE-2025-61783 is a vulnerability in Python-social-auth Social-app-django, classified under Incorrect Implementation of Authentication Algorithm. Published 2025-10-09.
Is CVE-2025-61783 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.