CVE-2025-4143
The CVE-2025-4143 entry concerns the OAuth implementation in Cloudflare’s workers-oauth-provider (MCP framework). The root cause is missing validation of redirect_uri against the client’s allowed list during authorization (the server-side code only validated the code exchange). This creates poten...
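The check described above as missing, shown as an added example (not code from workers-oauth-provider or Cloudflare): the authorization step compares redirect_uri by exact string match against the client's registered list before any code is issued, and the code exchange re-checks the URI bound to that code. All client IDs, URLs and function names here are constructed for illustration.

```typescript
// Added example; every name is hypothetical, not the workers-oauth-provider API.
type Client = { clientId: string; redirectUris: string[] };
type Grant = { clientId: string; redirectUri: string };
type Result = { ok: boolean; status: number; location?: string; error?: string };

// Constructed sample registration.
const clients: Record<string, Client> = {
  "client-a": { clientId: "client-a", redirectUris: ["https://app.example/callback"] },
};
const grants: Record<string, Grant> = {}; // authorization code -> grant
let nextCode = 0; // demo placeholder; real codes must come from a CSPRNG

// Own-property lookup so keys like "constructor" never resolve to a prototype member.
function lookup<T>(table: Record<string, T>, key: string): T | undefined {
  return Object.prototype.hasOwnProperty.call(table, key) ? table[key] : undefined;
}

// Exact string comparison: no prefix, substring or host-only matching.
function redirectAllowed(client: Client, redirectUri: string): boolean {
  return client.redirectUris.indexOf(redirectUri) !== -1;
}

// Authorization step: validate before any redirect happens or a code is issued.
function authorize(clientId: string, redirectUri: string, state: string): Result {
  const client = lookup(clients, clientId);
  if (!client) return { ok: false, status: 400, error: "invalid_client" };
  if (!redirectAllowed(client, redirectUri)) {
    // Answer directly; never redirect to a URI that failed validation.
    return { ok: false, status: 400, error: "invalid_redirect_uri" };
  }
  const code = "code-" + String(++nextCode);
  grants[code] = { clientId: clientId, redirectUri: redirectUri };
  const sep = redirectUri.indexOf("?") === -1 ? "?" : "&";
  const query = "code=" + encodeURIComponent(code) + "&state=" + encodeURIComponent(state);
  return { ok: true, status: 302, location: redirectUri + sep + query };
}

// Code exchange: redirect_uri must equal the one bound to the code at authorization.
function exchange(code: string, clientId: string, redirectUri: string): boolean {
  const grant = lookup(grants, code);
  delete grants[code]; // single use, even when the exchange fails
  return !!grant && grant.clientId === clientId && grant.redirectUri === redirectUri;
}
```

Validating only in exchange() would leave authorize() redirecting to whatever URI the request carried, which is the gap the entry describes.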