CVE-2025-67716 | auth0 nextjs-auth0 up to 4.12.x returnTo incomplete blacklist (GHSA-mr6f-h57v-rpj5)

A vulnerability, which was classified as critical, has been found in auth0 nextjs-auth0 up to 4.12.x. This affects an unknown function. Performing manipulation of the argument returnTo results in incomplete blacklist.

This vulnerability is known as CVE-2025-67716. Remote exploitation of the attack is possible. No exploit is available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More