PT-2025-12429 · Unknown · Parse Server

Published: 2025-03-21 · Updated: 2025-03-25 · CVE-2025-30168

CVSS v3.1: 6.9 Medium

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Parse Server versions prior to 7.5.2
Parse Server versions prior to 8.0.2

Description

The issue affects Parse Server's 3rd party authentication handling, allowing authentication credentials from one app to be used in another, if the same authentication provider is used. This only impacts apps that use affected 3rd party authentication providers for user authentication. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Exploitation involves using authentication credentials across multiple Parse Server apps. The auth option in Parse Server is used to configure an authentication adapter, and an adapter configured this way can be affected by this issue.

Recommendations

For versions prior to 7.5.2, upgrade Parse Server to version 7.5.2 or later and update the client app to send a secure payload.
For versions prior to 8.0.2, upgrade Parse Server to version 8.0.2 or later and update the client app to send a secure payload.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BIT-PARSE-2025-30168
CVE-2025-30168
GHSA-837Q-JHWX-CMPV

Affected Products

Parse Server