Resource exhaustion in Authlib Joserfc

CVE-2025-65015

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are…

EPSS: 0.003 (24.5th percentile).

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Frequently asked questions

What is CVE-2025-65015?

CVE-2025-65015 is a high-severity vulnerability in Authlib Joserfc, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2025-11-18.

How severe is CVE-2025-65015?

High severity. CVSS v3 base score is 7.5 out of 10.