Clerk · @Clerk/Backend · CVE-2025-53548
Name of the Vulnerable Software and Affected Versions:
@clerk/backend versions prior to 2.4.0
Description:
Applications that use the `verifyWebhook()` helper to verify incoming Clerk webhooks may accept improperly signed webhook events.
Recommendations:
Upgrade to @clerk/backend version 2.4.0.
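
To check whether a project still installs an affected version, including copies nested under other dependencies, the following added example (not code from Clerk or from this advisory) scans an npm lockfile for `@clerk/backend` versions prior to 2.4.0. It assumes the `packages` map of npm lockfileVersion 2 or 3; the sample lockfile and the names `some-sdk` and `@clerk/backend-extras` are constructed for illustration.

```javascript
// Flag installed copies of @clerk/backend that predate the fixed release.
const PACKAGE = "@clerk/backend";
const FIXED = "2.4.0"; // fixed version named in the advisory

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v);
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// True when `version` sorts before FIXED. A prerelease of FIXED itself
// (e.g. 2.4.0-canary.1) precedes the release under semver ordering, so it is
// reported as affected; unparseable versions are reported for manual review.
function isAffected(version) {
  const v = parseVersion(version);
  const f = parseVersion(FIXED);
  if (!v) return true;
  for (let i = 0; i < 3; i++) {
    if (v.core[i] !== f.core[i]) return v.core[i] < f.core[i];
  }
  return v.pre !== null;
}

// Walk the "packages" map of an npm lockfile (assumed lockfileVersion 2 or 3)
// and return every affected copy, including nested transitive installs.
function findAffected(lockfile) {
  const suffix = "node_modules/" + PACKAGE;
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (isAffected(String(entry.version))) hits.push({ path, version: entry.version });
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/@clerk/backend": { version: "2.4.0" },
    "node_modules/some-sdk/node_modules/@clerk/backend": { version: "1.34.0" },
    "node_modules/@clerk/backend-extras": { version: "0.1.0" },
  },
};

console.log(findAffected(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffected()` in place of `sampleLock`.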