5 matches found
CVE-2025-4144
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...
CVE-2025-4144
creationtimestamp| type| source ---|---|--- 2025-05-01 01:13:32+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14209 2025-05-01 01:56:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo37f4ryof2e 2025-05-01 04:48:02+00:00| seen|...
CVE-2025-4144 PKCE bypass via downgrade attack
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...
CVE-2025-4144 PKCE bypass via downgrade attack
PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...
CVE-2025-4144
CVE-2025-4144 affects Cloudflare’s MCP-based workers-oauth-provider. A flaw in the PKCE implementation allows an attacker to bypass PKCE verification, effectively bypassing PKCE protection. Descriptions across sources (Veracode, Red Hat, GHSA advisories, OSV) state that the OAuth check can be ski...