Race Condition and Improper Authorization Handling in Sentry by Getsentry
CVE-2025-53099

5.5MEDIUM

Key Information:

Vendor

Getsentry

Status
Sentry
Vendor
CVE Published:
1 July 2025

What is CVE-2025-53099?

A race condition vulnerability in Sentry prior to version 25.5.0 allows attackers using malicious OAuth applications to exploit flaws in authorization code handling. By crafting specifically timed requests and redirect flows, an attacker could generate multiple authorization codes, leading to unauthorized access and persistence in a user's account even after the application had been de-authorized. This issue has been addressed in Sentry version 25.5.0, and users of self-hosted instances are advised to upgrade to this version or higher to mitigate potential risks.

Affected Version(s)

sentry < 25.5.0

References

https://github.com/getsentry/sentry/security/advisories/G...
x_refsource_CONFIRM
https://github.com/getsentry/sentry/pull/85570
x_refsource_MISC
https://github.com/getsentry/sentry/pull/85571
x_refsource_MISC

CVSS V4

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53099 : Race Condition and Improper Authorization Handling in Sentry by Getsentry