CVE-2025-53548
CVE-2025-53548 concerns Clerk’s verifyWebhook() validation. Across connected documents, the issue is that the verifyWebhook() helper may accept improperly signed webhook events, enabling signature forgery. The vulnerability is mitigated by upgrading to @clerk/backend 2.4.0, which properly parses ...