OAuth Implementation Vulnerability in Cloudflare's Workers-OAuth-Provider
CVE-2025-4143
What is CVE-2025-4143?
Cloudflare's Workers-OAuth-Provider library contains a notable vulnerability in its OAuth implementation: during an authorization flow it does not validate that the supplied redirect URI is on the client's list of authorized redirect URIs. An attacker can exploit this by tricking a victim who has previously authorized an application into visiting a malicious site; if successful, the attacker could obtain the victim's credentials and impersonate them on the OAuth server. An OAuth server must check the redirect URI against the registered list both at the initial authorization request and again at the token exchange, a requirement the library failed to implement. This is a common yet critical mistake in OAuth security.
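The two checks described above, as an added example written for this page and not code from Cloudflare's library: exact matching of redirect_uri against the client registration at the authorization endpoint, and binding the issued code to that redirect_uri so the token endpoint rejects any other value. Client ids, URIs and the token string are constructed; the default code generator assumes a runtime with `globalThis.crypto.randomUUID` (Workers, browsers, Node 19+).

```javascript
// Minimal authorization-server model showing where redirect_uri must be
// validated. Not Cloudflare's implementation; all identifiers are constructed.
class OAuthServer {
  constructor(clients, newCode = () => globalThis.crypto.randomUUID()) {
    this.clients = clients;   // client_id -> { redirectUris: [exact strings] }
    this.newCode = newCode;   // injectable so tests can use fixed codes
    this.codes = new Map();   // code -> { clientId, redirectUri }
  }

  // Exact, case-sensitive comparison against the registered list (RFC 6749
  // section 3.1.2.3). No prefix, substring or host-only matching: those are
  // the shortcuts that let an attacker-controlled URI through.
  isRegisteredRedirect(clientId, redirectUri) {
    const client = this.clients[clientId];
    if (!client || typeof redirectUri !== 'string') return false;
    return client.redirectUris.includes(redirectUri);
  }

  // Authorization endpoint. Runs even when the user consented earlier, so it
  // is the check the vulnerable library skipped. On failure do not redirect
  // to the unregistered URI, not even with an error; report to the user.
  authorize(clientId, redirectUri) {
    if (!this.isRegisteredRedirect(clientId, redirectUri)) {
      return { ok: false, error: 'invalid_redirect_uri' };
    }
    const code = this.newCode();
    this.codes.set(code, { clientId, redirectUri });
    return { ok: true, code };
  }

  // Token endpoint. The code is bound to the redirect_uri it was issued for
  // (RFC 6749 section 4.1.3); a mismatch or reuse yields invalid_grant.
  exchange(clientId, code, redirectUri) {
    const record = this.codes.get(code);
    this.codes.delete(code);  // single use, even when the check below fails
    if (!record || record.clientId !== clientId || record.redirectUri !== redirectUri) {
      return { ok: false, error: 'invalid_grant' };
    }
    return { ok: true, accessToken: 'constructed-token-for-' + clientId };
  }
}

// Usage with constructed data: one registered client, one attacker-chosen URI.
const demoServer = new OAuthServer({ 'client-1': { redirectUris: ['https://app.example/cb'] } });
console.log(demoServer.authorize('client-1', 'https://attacker.example/cb'));
// -> { ok: false, error: 'invalid_redirect_uri' }
```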

