CVE Daily

CVE-2025-21617

Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, N...

Medium CVSS 6.3

Overview

Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1.

CWE: CWE-338 Published: 2025-01-06T20:15:39.453
Risk analysis

This vulnerability is rated 🟡 MEDIUM.

  • CVSS: 6.3 (MEDIUM)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags