Better-Auth Critical Account Takeover via Unauthenticated API Key Creation (CVE-2025-61928)

A complete account takeover was found with AI for any application using better-auth with API keys enabled. With 300k weekly downloads, it probably affects a large number of projects. Some of the folks using it can be found here: https://github.com/better-auth/better-auth/discussions/2581.

Submitted by /u/Prior-Penalty