CVE-2025-53548 | THREATINT

Description

Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.

PUBLISHED Reserved 2025-07-02 | Published 2025-07-09 | Updated 2025-07-09 | Assigner GitHub_M

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-345: Insufficient Verification of Data Authenticity

Product status

< 2.4.0

affected

References

github.com/...script/security/advisories/GHSA-9mp4-77wg-rwx9

cve.org (CVE-2025-53548)

nvd.nist.gov (CVE-2025-53548)

Download JSON