Security Advisory

CVE-2025-23017

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-24 00:00:00

Last updated 2025-02-24 16:01:35

Assigner mitre

State PUBLISHED

Description

WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the users password. No exploitation occurred.

← Browse all CVEs View on cve.org ↗