Security Advisory

CVE-2025-65431

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-15 00:00:00
Last updated 2025-12-16 15:46:43
Assigner mitre
State PUBLISHED

Description

An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and should therefore be avoided for authorization decisions. The providers are now using sub instead.
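The effect of keying provider accounts on preferred_username rather than sub, shown as an added example that is not django-allauth code. The account store, the link_account helper, the "okta" provider label and all claim values are constructed for illustration.

```python
# Added illustration: a toy account store keyed on (provider, identifier claim).
# Not django-allauth code; all names and claim values here are constructed.

def link_account(store, provider, claims, key_claim):
    """Return the local account bound to this provider identity.

    A new local account is created the first time an identifier is seen.
    """
    uid = (provider, claims[key_claim])
    if uid not in store:
        store[uid] = f"local-{len(store) + 1}"
    return store[uid]


def simulate(key_claim):
    """Replay three logins and report which local account each one maps to."""
    store = {}

    # Constructed ID-token claims. "sub" never changes for a given person;
    # "preferred_username" can be edited or reassigned at the provider.
    first_login = {"sub": "00u1aaaa", "preferred_username": "alice"}
    after_rename = {"sub": "00u1aaaa", "preferred_username": "alice.smith"}
    other_person = {"sub": "00u2bbbb", "preferred_username": "alice"}

    return {
        "alice": link_account(store, "okta", first_login, key_claim),
        "alice_after_rename": link_account(store, "okta", after_rename, key_claim),
        "other_person": link_account(store, "okta", other_person, key_claim),
    }


def is_stable(result):
    """True when the same person keeps one account and nobody shares it."""
    return (result["alice"] == result["alice_after_rename"]
            and result["other_person"] != result["alice"])


if __name__ == "__main__":
    for claim in ("preferred_username", "sub"):
        outcome = simulate(claim)
        print(claim, outcome, "stable" if is_stable(outcome) else "UNSTABLE")
```

Keyed on preferred_username, the renamed user lands on a fresh local account and the second person is mapped to the first user's account; keyed on sub, each person keeps exactly one account.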