QwikSec

Security Database

CVE

CWE

Training

CVE-2025-53535

Published: Jul 7, 2025

Modified: Jul 7, 2025

PUBLISHED

Description

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This vulnerability is fixed in 1.2.10.

Vendor	Product	Versions
better-auth	better-auth	affected `< 1.2.10`

Weaknesses (CWE)

References

https://github.com/better-auth/better-auth/security/advisories/GHSA-36rg-gfq2-3h56

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.