CVE-2025-64521 | goauthentik up to 2025.8.4/2025.10.1 client_id/client_secret authentication bypass by alternate name

A vulnerability was found in goauthentik authentik up to 2025.8.4/2025.10.1. It has been declared as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument client_id/client_secret results in authentication bypass by alternate name.

This vulnerability is reported as CVE-2025-64521. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More