CVE-2025-53535

Summary

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This vulnerability is fixed in 1.2.10.

Affected Software

VendorProductVersion RangeStatus
better-authbetter-auth< 1.2.10affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References