How to fix EUVD-2025-32415?

Within 24 hours: Identify all affected systems running for WordPress is vulnerable to Improper Verification of Cryp and apply vendor patches immediately. Monitor vendor channels for patch availability.

Is PHP affected by EUVD-2025-32415?

CVE-2025-9485 presents critical security risk, a signature bypass vulnerability rated CVSS 9.8. Successful exploitation could critically impact the confidentiality, integrity, and availability of affected systems.

EUVD-2025-32415

| CVE-2025-9485 CRITICAL

2025-10-04 [email protected]

Authentication Bypass WordPress PHP

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 13, 2026 - 19:56 vuln.today

EUVD ID Assigned

Mar 13, 2026 - 19:56 euvd

EUVD-2025-32415

CVE Published

Oct 04, 2025 - 03:15 nvd

CRITICAL 9.8

DescriptionNVD

The OAuth Single Sign On - SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This is due to the plugin performing unsafe JWT token processing without verification or validation in the get_resource_owner_from_id_token function. This makes it possible for unauthenticated attackers to bypass authentication and gain access to any existing user account - including administrators in certain configurations - or to create arbitrary subscriber-level accounts.

AnalysisAI

Cryptographic signature bypass in OAuth SSO WordPress plugin. EPSS 0.65%.

Technical ContextAI

CWE-347.

RemediationAI

Update.

EUVD-2025-32415 vulnerability details – vuln.today

Back

EUVD-2025-32415

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code