CVE-2025-65430
MEDIUMDescription
An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.
Is your site exposed to CVE-2025-65430?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| allauth | allauth |
References
Other References
Frequently Asked Questions
What is CVE-2025-65430? +
How severe is CVE-2025-65430? +
What products are affected by CVE-2025-65430? +
How do I check if I'm vulnerable to CVE-2025-65430? +
Related Vulnerabilities
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior …
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session …
PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running …
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints …
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior …
Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are …