QwikSec

Security Database

CVE

CWE

Training

CVE-2025-61783

Published: Oct 9, 2025

Modified: Oct 15, 2025

PUBLISHED

Description

Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was not included. This could lead to account compromise when a third-party authentication service does not validate provided e-mail addresses or doesn't require unique e-mail addresses. Version 5.6.0 contains a patch. As a workaround, review the authentication service policy on e-mail addresses; many will not allow exploiting this vulnerability.

Vendor	Product	Versions
python-social-auth	social-app-django	affected `< 5.6.0`

Weaknesses (CWE)

References

https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-wv4w-6qv2-qqfg

x_refsource_CONFIRM

https://github.com/python-social-auth/social-app-django/issues/220

x_refsource_MISC

https://github.com/python-social-auth/social-app-django/issues/231

x_refsource_MISC

https://github.com/python-social-auth/social-app-django/issues/634

x_refsource_MISC

https://github.com/python-social-auth/social-app-django/pull/803

x_refsource_MISC

https://github.com/python-social-auth/social-app-django/commit/10c80e2ebabeccd4e9c84ad0e16e1db74148ed4c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.