vulnerability

SUSE: CVE-2025-25207: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:A/AC:L/Au:S/C:N/I:N/A:C)	Dec 5, 2025	Dec 5, 2025	Dec 5, 2025

Severity

CVSS

(AV:A/AC:L/Au:S/C:N/I:N/A:C)

Published

Dec 5, 2025

Added

Dec 5, 2025

Modified

Dec 5, 2025

Description

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.

Solution

suse-upgrade-govulncheck-vulndb

References

CVE-2025-25207
https://attackerkb.com/topics/CVE-2025-25207
CWE-400

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today