Email Association Vulnerability in Python Social Auth by Python
CVE-2025-61783

6.3 MEDIUM

Key Information:

Vendor
CVE Published: 9 October 2025

What is CVE-2025-61783?

Python Social Auth, a mechanism for social authentication and registration, contains a vulnerability in versions prior to 5.6.0. During the authentication pipeline, a logging-in user can be associated with an existing account by email address even when the `associate_by_email` pipeline step is not included in the configured pipeline. This can lead to account compromise, particularly when the third-party authentication service does not validate email addresses or does not enforce unique emails. The issue is fixed in version 5.6.0; as a workaround, users are advised to check their authentication service's policies on email validation and uniqueness.
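As an added illustration (not code from the python-social-auth project), the following pipeline-style step links a login to an existing account by email only when the provider marks that email as verified. It assumes the keyword contract of social_core pipeline functions and a provider response carrying an `email_verified` flag, and uses a constructed in-memory user store in place of the Django user model.

```python
# Added illustration, not python-social-auth's own code: an email association
# step that refuses to link accounts on an unverified email claim.
# Assumptions: the keyword contract of social_core pipeline steps
# (backend, details, response, user, ...) and a provider response that carries
# an "email_verified" flag (as OpenID Connect ID tokens do).

# Constructed in-memory user store standing in for the Django user model.
USERS_BY_EMAIL = {
    "alice@example.com": {"id": 1, "email": "alice@example.com"},
}


def email_is_verified(response):
    """Trust an email only when the provider explicitly says it is verified."""
    return response.get("email_verified") is True


def associate_by_verified_email(backend, details, response, user=None,
                                users_by_email=USERS_BY_EMAIL, **kwargs):
    """Return {'user': <account>} to link this login to an existing account,
    or None to let later pipeline steps decide (for example, create_user).

    Unlike an unconditional email match, this never links on an unverified
    claim, which is the condition under which CVE-2025-61783 leads to
    account compromise. `backend` is accepted to match the pipeline contract
    and is not otherwise used here.
    """
    if user is not None:
        return None                       # already resolved; nothing to do
    email = (details.get("email") or "").strip().lower()
    if not email or not email_is_verified(response):
        return None                       # no trusted email: no silent linking
    existing = users_by_email.get(email)
    if existing is None:
        return None
    return {"user": existing, "is_new": False}


if __name__ == "__main__":
    # Verified claim from a hypothetical "oidc" backend links to alice's account.
    print(associate_by_verified_email("oidc", {"email": "Alice@example.com"},
                                      {"email_verified": True}))
    # The same address without verification is not linked (prints None).
    print(associate_by_verified_email("oidc", {"email": "alice@example.com"},
                                      {"email_verified": False}))
```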

Affected Version(s)

social-app-django < 5.6.0

References

CVSS V4

Score: 6.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
