0.0
NA
CVE-2025-31492
Apache mod_auth_openidc Unauthenticated Content Disclosure Vulnerability
Description

mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11.

INFO

Published Date :

April 6, 2025, 8:15 p.m.

Last Modified :

April 7, 2025, 2:17 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

Affected Products

The following products are affected by CVE-2025-31492 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Mod_auth_openidc_project mod_auth_openidc
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-31492.

URL Resource
https://github.com/OpenIDC/mod_auth_openidc/commit/b59b8ad63411857090ba1088e23fe414c690c127
https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-59jp-rwph-878r

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-31492 vulnerability anywhere in the article.

  • Cyber Security News
Windows Remote Desktop Service Vulnerability Let Attackers Execute Malicious Code Remotely

A critical vulnerability in Microsoft Windows Remote Desktop Services that could allow attackers to execute arbitrary code remotely on affected systems without user authentication. Identified as CVE-2 ... Read more

Published Date: Apr 09, 2025 (5 days, 21 hours ago)
CVE-2025-27487 CVE-2025-27480 CVE-2025-31492
  • Cyber Security News
Apache mod_auth_openidc Vulnerability Exposes Protected Content to Unauthenticated Users

A significant security vulnerability in Apache’s mod_auth_openidc module has been discovered that could allow unauthorized access to protected web resources. The flaw, tracked as CVE-2025-31492 and ra ... Read more

Published Date: Apr 09, 2025 (5 days, 22 hours ago)
CVE-2025-31492
  • Cyber Security News
Kibana Security Update – Patch for Vulnerability Leads to Code Injection

Elastic has released critical security updates for Kibana, addressing a high-severity vulnerability that could allow attackers to inject malicious code into affected systems. The security update patch ... Read more

Published Date: Apr 09, 2025 (5 days, 22 hours ago)
CVE-2024-12556 CVE-2025-31492 CVE-2025-25015
  • Cyber Security News
5000+ Exposed Ivanti Connect Secure Devices Vulnerable to RCE Attacks

Over 5,113 Ivanti Connect Secure VPN appliances remain unpatched and vulnerable to the active exploitation of CVE-2025-22457, a critical stack-based buffer overflow vulnerability that enables remote c ... Read more

Published Date: Apr 09, 2025 (5 days, 22 hours ago)
CVE-2025-31492 CVE-2025-22457
  • Cyber Security News
CISA Warns of CrushFTP Authentication Bypass Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass vulnerability in CrushFTP file transfer software to its Known Exploited Vulnerabilities (KEV) Cat ... Read more

Published Date: Apr 09, 2025 (5 days, 23 hours ago)
CVE-2025-31492 CVE-2025-31161
  • Daily CyberSecurity
Apache mod_auth_openidc Vulnerability Exposes Protected Content

In a recently published security advisory, OpenIDC has revealed a vulnerability in mod_auth_openidc, the widely used OpenID Connect module for the Apache HTTP server. The flaw, tracked as CVE-2025-314 ... Read more

Published Date: Apr 09, 2025 (6 days, 7 hours ago)
CVE-2024-48887 CVE-2024-54092 CVE-2025-20654 CVE-2025-31492 CVE-2025-30401 CVE-2025-27520 CVE-2025-2244 CVE-2025-31489 CVE-2025-3155 CVE-2025-2945 ...+4 more CVE

The following table lists the changes that have been made to the CVE-2025-31492 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Apr. 06, 2025

    Action Type Old Value New Value
    Added Description mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The conditions for disclosure are an OIDCProviderAuthRequestMethod POST, a valid account, and there mustn't be any application-level gateway (or load balancer etc) protecting the server. When you request a protected resource, the response includes the HTTP status, the HTTP headers, the intended response (the self-submitting form), and the protected resource (with no headers). This is an example of a request for a protected resource, including all the data returned. In the case where mod_auth_openidc returns a form, it has to return OK from check_userid so as not to go down the error path in httpd. This means httpd will try to issue the protected resource. oidc_content_handler is called early, which has the opportunity to prevent the normal output being issued by httpd. oidc_content_handler has a number of checks for when it intervenes, but it doesn't check for this case, so the handler returns DECLINED. Consequently, httpd appends the protected content to the response. The issue has been patched in mod_auth_openidc versions >= 2.4.16.11.
    Added CVSS V4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-200
    Added Reference https://github.com/OpenIDC/mod_auth_openidc/commit/b59b8ad63411857090ba1088e23fe414c690c127
    Added Reference https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-59jp-rwph-878r
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-31492 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-31492 weaknesses.

CAPEC-13: Subverting Environment Variable Values Subverting Environment Variable Values CAPEC-22: Exploiting Trust in Client Exploiting Trust in Client CAPEC-59: Session Credential Falsification through Prediction Session Credential Falsification through Prediction CAPEC-60: Reusing Session IDs (aka Session Replay) Reusing Session IDs (aka Session Replay) CAPEC-79: Using Slashes in Alternate Encoding Using Slashes in Alternate Encoding CAPEC-116: Excavation Excavation CAPEC-169: Footprinting Footprinting CAPEC-224: Fingerprinting Fingerprinting CAPEC-285: ICMP Echo Request Ping ICMP Echo Request Ping CAPEC-287: TCP SYN Scan TCP SYN Scan CAPEC-290: Enumerate Mail Exchange (MX) Records Enumerate Mail Exchange (MX) Records CAPEC-291: DNS Zone Transfers DNS Zone Transfers CAPEC-292: Host Discovery Host Discovery CAPEC-293: Traceroute Route Enumeration Traceroute Route Enumeration CAPEC-294: ICMP Address Mask Request ICMP Address Mask Request CAPEC-295: Timestamp Request Timestamp Request CAPEC-296: ICMP Information Request ICMP Information Request CAPEC-297: TCP ACK Ping TCP ACK Ping CAPEC-298: UDP Ping UDP Ping CAPEC-299: TCP SYN Ping TCP SYN Ping CAPEC-300: Port Scanning Port Scanning CAPEC-301: TCP Connect Scan TCP Connect Scan CAPEC-302: TCP FIN Scan TCP FIN Scan CAPEC-303: TCP Xmas Scan TCP Xmas Scan CAPEC-304: TCP Null Scan TCP Null Scan CAPEC-305: TCP ACK Scan TCP ACK Scan CAPEC-306: TCP Window Scan TCP Window Scan CAPEC-307: TCP RPC Scan TCP RPC Scan CAPEC-308: UDP Scan UDP Scan CAPEC-309: Network Topology Mapping Network Topology Mapping CAPEC-310: Scanning for Vulnerable Software Scanning for Vulnerable Software CAPEC-312: Active OS Fingerprinting Active OS Fingerprinting CAPEC-313: Passive OS Fingerprinting Passive OS Fingerprinting CAPEC-317: IP ID Sequencing Probe IP ID Sequencing Probe CAPEC-318: IP 'ID' Echoed Byte-Order Probe IP 'ID' Echoed Byte-Order Probe CAPEC-319: IP (DF) 'Don't Fragment Bit' Echoing Probe IP (DF) 'Don't Fragment Bit' Echoing Probe CAPEC-320: TCP Timestamp Probe TCP Timestamp Probe CAPEC-321: TCP Sequence Number Probe TCP Sequence Number Probe CAPEC-322: TCP (ISN) Greatest Common Divisor Probe TCP (ISN) Greatest Common Divisor Probe CAPEC-323: TCP (ISN) Counter Rate Probe TCP (ISN) Counter Rate Probe CAPEC-324: TCP (ISN) Sequence Predictability Probe TCP (ISN) Sequence Predictability Probe CAPEC-325: TCP Congestion Control Flag (ECN) Probe TCP Congestion Control Flag (ECN) Probe CAPEC-326: TCP Initial Window Size Probe TCP Initial Window Size Probe CAPEC-327: TCP Options Probe TCP Options Probe CAPEC-328: TCP 'RST' Flag Checksum Probe TCP 'RST' Flag Checksum Probe CAPEC-329: ICMP Error Message Quoting Probe ICMP Error Message Quoting Probe CAPEC-330: ICMP Error Message Echoing Integrity Probe ICMP Error Message Echoing Integrity Probe CAPEC-472: Browser Fingerprinting Browser Fingerprinting CAPEC-497: File Discovery File Discovery CAPEC-508: Shoulder Surfing Shoulder Surfing CAPEC-573: Process Footprinting Process Footprinting CAPEC-574: Services Footprinting Services Footprinting CAPEC-575: Account Footprinting Account Footprinting CAPEC-576: Group Permission Footprinting Group Permission Footprinting CAPEC-577: Owner Footprinting Owner Footprinting CAPEC-616: Establish Rogue Location Establish Rogue Location CAPEC-643: Identify Shared Files/Directories on System Identify Shared Files/Directories on System CAPEC-646: Peripheral Footprinting Peripheral Footprinting CAPEC-651: Eavesdropping Eavesdropping
NONE - Vulnerability Scoring System
: