CVE-2025-27143: Beter Auth has an Open Redirect via Scheme-Less Callback Parameter
(updated )
The application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While the server blocks fully qualified URLs (e.g., https://evil.com), it incorrectly allows scheme-less URLs (e.g., //malicious-site.com). This results in the browser interpreting the URL as https://malicious-site.com, leading to unintended redirection.
bypass for : https://github.com/better-auth/better-auth/security/advisories/GHSA-8jhw-6pjj-8723
References
- github.com/advisories/GHSA-hjpm-7mrm-26w8
- github.com/better-auth/better-auth
- github.com/better-auth/better-auth/commit/24659aefc35a536b95ea4e5347e52c8803910153
- github.com/better-auth/better-auth/commit/b381cac7aafd6aa53ef78b6ab771ebfa24643c80
- github.com/better-auth/better-auth/releases/tag/v1.1.21
- github.com/better-auth/better-auth/security/advisories/GHSA-8jhw-6pjj-8723
- github.com/better-auth/better-auth/security/advisories/GHSA-hjpm-7mrm-26w8
- nvd.nist.gov/vuln/detail/CVE-2025-27143
Code Behaviors & Features
Detect and mitigate CVE-2025-27143 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →