Open Redirect Vulnerability in Better Auth Authentication Library for TypeScript
CVE-2025-27143

6.9MEDIUM

Key Information:

Vendor
Better-auth
Status
Better-auth
Vendor
CVE Published:
24 February 2025

Summary

The Better Auth library for TypeScript allows open redirect vulnerabilities due to improper validation of the callbackURL parameter in email verification and other endpoints. The flaw allows scheme-less URLs, tricking browsers into treating them as fully qualified URLs, opening the door for attackers to create malicious verification links. When a user clicks such a link, they are redirected to the attacker’s site post verification, potentially compromising sensitive data and leading to phishing attacks. An updated patch to address this issue is included in version 1.1.21.

Affected Version(s)

better-auth < 1.1.20

References

https://github.com/better-auth/better-auth/security/advis...
x_refsource_CONFIRM
https://github.com/better-auth/better-auth/security/advis...
x_refsource_MISC
https://github.com/better-auth/better-auth/commit/24659ae...
x_refsource_MISC

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.