CVE-2025-9803

Description

lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' (audience) field in the access token issued by Google, which is crucial for ensuring the token is intended for the application. This oversight allows attackers to use tokens issued to malicious applications to gain unauthorized access to user accounts. The issue is resolved in version 1.9.35.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:lunary:lunary:1.9.34:*:*:*:*:*:*:* - VULNERABLE

lunary-ai/lunary <= 1.9.34

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

需要提供具体的PoC代码示例

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-9803
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-9803
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-9803/
[4] VulDB https://vuldb.com/cve/CVE-2025-9803
[5] https://github.com/lunary-ai/lunary/commit/95a2cc8e012bf5f089edbfa072ba66dcb7e10d91
[6] https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6
[7] https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-9803", "sourceIdentifier": "[email protected]", "published": "2025-11-25T01:15:47.137", "lastModified": "2025-12-30T17:16:19.347", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "lunary-ai/lunary version 1.9.34 is vulnerable to an account takeover due to improper authentication in the Google OAuth integration. The application fails to verify the 'aud' (audience) field in the access token issued by Google, which is crucial for ensuring the token is intended for the application. This oversight allows attackers to use tokens issued to malicious applications to gain unauthorized access to user accounts. The issue is resolved in version 1.9.35."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV30": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.8}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-287"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:lunary:lunary:1.9.34:*:*:*:*:*:*:*", "matchCriteriaId": "BBC1BC36-360C-4FAC-8583-40F9D8B2F90C"}]}]}], "references": [{"url": "https://github.com/lunary-ai/lunary/commit/95a2cc8e012bf5f089edbfa072ba66dcb7e10d91", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://huntr.com/bounties/4734f35f-514c-4d10-98fa-3a54514f6af6", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}