Vulnerability in Openidentityplatform Openam
CVE-2025-64099
Open Access Management (OpenAM) is an access management solution. In versions prior to 16.0.0, if the "claims_parameter_supported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script, to inject the v…
EPSS: 0.001 (17.4th percentile)
Affected products
- Openidentityplatform Openam — versions < 16.0.0
Weakness classification (CWE)
References
- https://github.com/OpenIdentityPlatform/OpenAM/security/advisories/GHSA-39hr-239p-fhqc (x_refsource_CONFIRM)