Lucene search
K

5 matches found

OSV
OSV
added 2025/05/01 1:15 a.m.3 views

CVE-2025-4144

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...

9.8CVSS5.7AI score0.00491EPSS
Exploits0References1
Circl
Circl
added 2025/05/01 1:13 a.m.22 views

CVE-2025-4144

creationtimestamp| type| source ---|---|--- 2025-05-01 01:13:32+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14209 2025-05-01 01:56:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo37f4ryof2e 2025-05-01 04:48:02+00:00| seen|...

9.8CVSS5.7AI score0.00491EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/05/01 12:50 a.m.10 views

CVE-2025-4144 PKCE bypass via downgrade attack

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...

5.3CVSS6.9AI score0.00491EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/01 12:50 a.m.49 views

CVE-2025-4144 PKCE bypass via downgrade attack

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27...

5.3CVSS0.00491EPSS
Exploits0References1
CVE
CVE
added 2025/05/01 12:50 a.m.79 views

CVE-2025-4144

CVE-2025-4144 affects Cloudflare’s MCP-based workers-oauth-provider. A flaw in the PKCE implementation allows an attacker to bypass PKCE verification, effectively bypassing PKCE protection. Descriptions across sources (Veracode, Red Hat, GHSA advisories, OSV) state that the OAuth check can be ski...

9.8CVSS6.3AI score0.00491EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder