Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
4Blast Radius
ecosystem impact- 1 npm packages depend on @clerk/backend (1 direct, 0 indirect)
- 1 npm packages depend on @clerk/express (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2.0.0 and other introduced versions.
DescriptionGitHub Advisory
Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.
AnalysisAI
CVE-2025-53548 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Technical ContextAI
Vulnerability type not specified by vendor. CVSS 7.5 indicates high severity.
RemediationAI
Monitor vendor channels for patch availability.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-20865
GHSA-9mp4-77wg-rwx9