INFSA-2025:7490: mod_auth_openidc security update
Information about definition
Identificator: INFSA-2025:7490
Type: security
Release date: 2025-07-15 19:21:58 UTC
Information about package
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Vulnerabilities description
- CVE-2025-31492
A flaw was found in mod_auth_openidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-31492
|
no information | 7.5 | no information |
Updated packages