PT-2025-54492 · Pypi+3 · Oauthlib+3
Published 2025-01-01 · Updated 2026-03-05 · CVE-2025-68158
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Authlib versions 1.6.5 and prior
Description
Authlib is a Python library used for building OAuth and OpenID Connect servers. A flaw exists in cache-backed state/request-token storage, where the stored state is not linked to the user session. This allows Cross-Site Request Forgery (CSRF) if an attacker obtains a valid state, which is easily achievable through an attacker-initiated authentication flow. Specifically, the FrameworkIntegration.set_state_data function writes state data under a key of the form state_{app}_{state}, while get_state_data disregards the caller's session.
Recommendations
Update Authlib to version 1.6.6 or later.
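As an added illustration (not Authlib's own code), the pattern described above modelled on a minimal cache-backed store: the unbound variant returns state data to any session that presents the state value, while the session-bound variant records the creating session, hands the record back only to that session, and consumes it on first use. The class names, the Session stand-in and the lookup helper are assumptions; only set_state_data and get_state_data come from the advisory.

```python
# Added illustration, not Authlib's code; names other than set_state_data/get_state_data are assumptions.
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Session:
    """Stands in for a framework's per-user server-side session."""
    sid: str = field(default_factory=lambda: secrets.token_hex(8))


class UnboundStateStore:
    """Flawed pattern: records keyed only by app name and state value,
    and get_state_data never checks which session is asking."""

    def __init__(self, app: str):
        self.app = app
        self.cache: dict[str, dict] = {}   # stands in for the shared cache backend

    def set_state_data(self, session: Session, state: str, data: dict) -> None:
        self.cache[f"state_{self.app}_{state}"] = data

    def get_state_data(self, session: Session, state: str) -> Optional[dict]:
        return self.cache.get(f"state_{self.app}_{state}")


class SessionBoundStateStore(UnboundStateStore):
    """Hardened variant: remember which session created the state, hand the
    record back only to that session, and consume it on first use."""

    def set_state_data(self, session: Session, state: str, data: dict) -> None:
        self.cache[f"state_{self.app}_{state}"] = {"sid": session.sid, "data": data}

    def get_state_data(self, session: Session, state: str) -> Optional[dict]:
        record = self.cache.pop(f"state_{self.app}_{state}", None)
        if record is None or not secrets.compare_digest(record["sid"], session.sid):
            return None
        return record["data"]


def lookup(store_cls, same_session: bool) -> Optional[dict]:
    """Create a state in one session, then read it back from that session or
    from a different one. Returns the stored data on a hit, else None."""
    store = store_cls("demo")
    creator = Session()
    reader = creator if same_session else Session()
    state = secrets.token_urlsafe(16)
    store.set_state_data(creator, state, {"redirect_uri": "https://app.example/cb"})
    return store.get_state_data(reader, state)
```

The check a reviewer would want in a real integration is the one in the hardened get_state_data: the record must carry the creating session's identity and be rejected for any other reader, not merely be addressable by the state value.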
Weakness Enumeration
CSRF
Affected Products
Oauthlib
Debian
Linuxmint
Ubuntu