CVE-2025-63700 - Vulnerability Details

DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00095.

Key SSVC decision points have not yet been added.

Vendors	Products
Clerk	Javascript

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Clerk	Javascript

References

No reference.

History

Tue, 23 Dec 2025 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-290
References	https://clerk.com https://github.com/itsnishat08/CVE-2025-63700 https://www.npmjs.com/package/@clerk/clerk-js
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

Tue, 23 Dec 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 23 Dec 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description	An issue was discovered in clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage. NOTE: this is disputed by the Supplier because there is no available information to reproduce the issue, and because an OAuth authentication flow issue would be fixed in a backend component, not within clerk-js itself (which is solely a frontend component).	DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Wed, 03 Dec 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description	An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage.	An issue was discovered in clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage. NOTE: this is disputed by the Supplier because there is no available information to reproduce the issue, and because an OAuth authentication flow issue would be fixed in a backend component, not within clerk-js itself (which is solely a frontend component).
References		https://www.npmjs.com/package/@clerk/clerk-js

Mon, 24 Nov 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Clerk Clerk javascript
Vendors & Products		Clerk Clerk javascript

Fri, 21 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 20 Nov 2025 22:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-290
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 20 Nov 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description		An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage.
References		https://clerk.com https://github.com/itsnishat08/CVE-2025-63700

MITRE

Status: REJECTED

Assigner: mitre

Published: 2025-11-20T00:00:00.000Z

Updated: 2025-12-23T17:19:19.539Z

Reserved: 2025-10-27T00:00:00.000Z

Link: CVE-2025-63700

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-11-20T19:16:21.367

Modified: 2025-12-23T18:15:43.610

Link: CVE-2025-63700

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-11-24T09:10:52Z

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object