PT-2025-27554 · Sentry

Rakesh0X7 · Published 2025-07-01 · Updated 2026-01-22 · CVE-2025-53099

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Sentry versions prior to 25.5.0
Description: An attacker who controls a malicious OAuth application registered with Sentry can exploit a race condition and improper handling of authorization codes in Sentry to keep persistent access to a user's account. By timing requests and redirect flows, the attacker obtains multiple authorization codes, each of which can be exchanged for access and refresh tokens; these tokens keep working even after the user de-authorizes the application.
Recommendations: Self-hosted Sentry users should upgrade to version 25.5.0 or later. Sentry SaaS users need to take no action.
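The mechanism described above, reduced to a runnable model, as an added example that is not Sentry's code and makes no claim about Sentry's internals: a toy authorization server that (a) looks codes up without consuming them and (b) drops only the consent record on de-authorization, next to a hardened variant that consumes each code atomically, refuses exchanges for a revoked grant, and revokes every outstanding code and token for that client/user pair. Class names, the `"evil-app"` client identifier and the user names are assumptions made for the example. The two check functions are the kind of test a practitioner would run after a fix: a stashed code or an old token must stop working once the user de-authorizes the app, and racing one code across several threads must yield exactly one token.

```python
"""Toy model of the weakness class: OAuth authorization codes that survive
de-authorization and are not consumed atomically. Not Sentry's code; every
identifier here is an assumption made for the example."""
import secrets
import threading
from dataclasses import dataclass


@dataclass
class Token:
    access: str
    refresh: str
    client_id: str
    user: str
    revoked: bool = False


class WeakAuthServer:
    """Codes/tokens are not tied to a revocable grant and codes are never consumed."""

    def __init__(self):
        self.codes = {}      # code -> (client_id, user)
        self.tokens = {}     # access token -> Token
        self.grants = set()  # (client_id, user) pairs the user has approved

    def authorize(self, client_id, user):
        self.grants.add((client_id, user))
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user)
        return code

    def exchange(self, code, client_id):
        entry = self.codes.get(code)  # weakness: looked up, never removed
        if entry is None or entry[0] != client_id:
            return None
        tok = Token(secrets.token_urlsafe(16), secrets.token_urlsafe(16), client_id, entry[1])
        self.tokens[tok.access] = tok
        return tok

    def deauthorize(self, client_id, user):
        self.grants.discard((client_id, user))  # weakness: codes and tokens untouched

    def is_valid(self, access):
        tok = self.tokens.get(access)
        return tok is not None and not tok.revoked


class HardenedAuthServer(WeakAuthServer):
    """Single-use codes (atomic pop under a lock), exchange requires a live
    grant, and de-authorization revokes every code and token for that pair."""

    def __init__(self):
        super().__init__()
        self._lock = threading.Lock()

    def exchange(self, code, client_id):
        with self._lock:
            entry = self.codes.pop(code, None)  # consumed exactly once
            if entry is None or entry[0] != client_id:
                return None
            if (client_id, entry[1]) not in self.grants:
                return None  # grant already revoked: refuse the exchange
            tok = Token(secrets.token_urlsafe(16), secrets.token_urlsafe(16), client_id, entry[1])
            self.tokens[tok.access] = tok
            return tok

    def deauthorize(self, client_id, user):
        with self._lock:
            self.grants.discard((client_id, user))
            for code in [c for c, v in self.codes.items() if v == (client_id, user)]:
                del self.codes[code]
            for tok in self.tokens.values():
                if tok.client_id == client_id and tok.user == user:
                    tok.revoked = True


def persistence_after_deauth(server):
    """Return (unused_code_still_exchangeable, old_token_still_valid) after the
    user de-authorizes an app that holds a second, unused code from a repeated flow."""
    code_a = server.authorize("evil-app", "alice")
    code_b = server.authorize("evil-app", "alice")  # second code, stashed by the app
    tok = server.exchange(code_a, "evil-app")
    server.deauthorize("evil-app", "alice")
    return server.exchange(code_b, "evil-app") is not None, server.is_valid(tok.access)


def concurrent_exchanges(server, n=8):
    """Race n threads on one code and return how many exchanges succeeded."""
    code = server.authorize("evil-app", "bob")
    results, barrier = [], threading.Barrier(n)

    def worker():
        barrier.wait()
        results.append(server.exchange(code, "evil-app"))

    threads = [threading.Thread(target=worker) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(r is not None for r in results)


if __name__ == "__main__":
    for cls in (WeakAuthServer, HardenedAuthServer):
        print(cls.__name__, persistence_after_deauth(cls()), concurrent_exchanges(cls()))
```

Against the weak server both checks fail (the stashed code is exchangeable, the old token stays valid, and all racing threads get a token); against the hardened server both pass. The same two checks can be pointed at a real deployment with an OAuth client you control: de-authorize the client, then confirm that a withheld authorization code is refused at the token endpoint and that the previously issued access and refresh tokens are rejected.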


Weakness Enumeration

CWE-288: Authentication Bypass Using an Alternate Path or Channel

Related Identifiers

BDU:2026-03562
CVE-2025-53099
GHSA-MGH8-H4XC-PFMJ

Affected Products

RED OS
Sentry