{"vulnerability": "CVE-2025-31123", "sightings": [{"uuid": "8199f910-57ec-4a2d-88ac-4162de868d06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31123", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114259246539821602", "content": "", "creation_timestamp": "2025-03-31T21:49:02.019883Z"}, {"uuid": "8d7a9f07-e244-4b0c-948c-09e6bec1e633", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31123", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114259246539821602", "content": "", "creation_timestamp": "2025-03-31T21:49:02.021760Z"}, {"uuid": "e41d0b4e-d328-450c-9358-f132bd321734", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31123", "type": "seen", "source": "https://t.me/cvedetector/21649", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-31123 - Zitadel JWT Key Expiration Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-31123 \nPublished : March 31, 2025, 8:15 p.m. | 51\u00a0minutes ago \nDescription : Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens. This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9. \n\nSeverity: 8.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T23:23:53.000000Z"}, {"uuid": "4f29bee6-3929-4030-97d1-dcffce3cd1d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-31123", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9764", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-31123\n\ud83d\udd25 CVSS Score: 8.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N)\n\ud83d\udd39 Description: Zitadel is open-source identity infrastructure software. A vulnerability existed where expired keys can be used to retrieve tokens. Specifically, ZITADEL fails to properly check the expiration date of the JWT key when used for Authorization Grants. This allows an attacker with an expired key to obtain valid access tokens. This vulnerability does not affect the use of JWT Profile for OAuth 2.0 Client Authentication on the Token and Introspection endpoints, which correctly reject expired keys. This vulnerability is fixed in 2.71.6, 2.70.8, 2.69.9, 2.68.9, 2.67.13, 2.66.16, 2.65.7, 2.64.6, and 2.63.9.\n\ud83d\udccf Published: 2025-03-31T19:31:40.507Z\n\ud83d\udccf Modified: 2025-03-31T19:31:40.507Z\n\ud83d\udd17 References:\n1. https://github.com/zitadel/zitadel/security/advisories/GHSA-h3q7-347g-qwhf\n2. https://github.com/zitadel/zitadel/commit/315503beabd679f2e6aec0c004f0f9d2f5b53ed3\n3. https://github.com/zitadel/zitadel/releases/tag/v2.63.9\n4. https://github.com/zitadel/zitadel/releases/tag/v2.64.6\n5. https://github.com/zitadel/zitadel/releases/tag/v2.65.7\n6. https://github.com/zitadel/zitadel/releases/tag/v2.66.16\n7. https://github.com/zitadel/zitadel/releases/tag/v2.67.13\n8. https://github.com/zitadel/zitadel/releases/tag/v2.68.9\n9. https://github.com/zitadel/zitadel/releases/tag/v2.69.9\n10. https://github.com/zitadel/zitadel/releases/tag/v2.70.8\n11. https://github.com/zitadel/zitadel/releases/tag/v2.71.6", "creation_timestamp": "2025-03-31T20:31:10.000000Z"}]}
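The sightings above describe the bug class but not the check itself: an identity provider that accepts a JWT assertion as an authorization grant (RFC 7523) has to reject the assertion not only when the assertion's own `exp` has passed, but also when the registered signing key it was signed with has passed its expiry, before it even verifies the signature. The Go program below is an added illustration of that distinction written for this page; it is not ZITADEL's code and does not reproduce the patched function from the referenced commit. Everything in it is constructed for the example: the in-memory `keyStore`, the hypothetical client `app-123`, the kid `client-key-1`, the token endpoint URL, the fixed "now" of 2025-03-31, and the minimal RS256 signer and verifier built on the standard library. `lookupKeyVulnerable` models a key lookup that ignores the key's expiry, `lookupKeyFixed` models the correct one; `Demo()` signs a fresh, otherwise valid assertion with a key whose registered expiry passed a day earlier and returns the verdict from each policy.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var (
	ErrUnknownKey       = errors.New("unknown kid")
	ErrKeyExpired       = errors.New("signing key has expired")
	ErrBadSignature     = errors.New("signature verification failed")
	ErrAssertionExpired = errors.New("assertion exp is missing or in the past")
)

// registeredKey is what the IdP stores for a client's JWT-profile key:
// the public key plus the expiry recorded when the key was registered.
type registeredKey struct {
	pub     *rsa.PublicKey
	expires time.Time
}

type keyStore map[string]registeredKey // constructed in-memory store, keyed by kid

type keyLookup func(ks keyStore, kid string, now time.Time) (*rsa.PublicKey, error)

// lookupKeyVulnerable returns the key by kid and never consults its expiry:
// the behaviour the advisory describes for the authorization grant path.
func lookupKeyVulnerable(ks keyStore, kid string, _ time.Time) (*rsa.PublicKey, error) {
	k, ok := ks[kid]
	if !ok {
		return nil, ErrUnknownKey
	}
	return k.pub, nil
}

// lookupKeyFixed refuses a key whose registered expiry has passed, so an
// expired key cannot be used to mint tokens even though it still exists.
func lookupKeyFixed(ks keyStore, kid string, now time.Time) (*rsa.PublicKey, error) {
	k, ok := ks[kid]
	if !ok {
		return nil, ErrUnknownKey
	}
	if !now.Before(k.expires) {
		return nil, ErrKeyExpired
	}
	return k.pub, nil
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// signAssertion builds a compact RS256 JWT carrying the given kid in its header.
func signAssertion(priv *rsa.PrivateKey, kid string, claims map[string]interface{}) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// verifyAssertion parses the JWT, resolves the key through the chosen lookup
// policy, checks the signature, then checks the assertion's own exp claim.
func verifyAssertion(assertion string, ks keyStore, now time.Time, lookup keyLookup) error {
	parts := strings.Split(assertion, ".")
	if len(parts) != 3 {
		return errors.New("malformed JWT")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return err
	}
	var hdr struct{ Alg, Kid string }
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return err
	}
	if hdr.Alg != "RS256" { // never let the token choose a weaker algorithm
		return fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	pub, err := lookup(ks, hdr.Kid, now) // key expiry is enforced (or not) here
	if err != nil {
		return err
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return ErrBadSignature
	}
	claimsJSON, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return err
	}
	var claims struct {
		Exp int64 `json:"exp"`
	}
	if err := json.Unmarshal(claimsJSON, &claims); err != nil {
		return err
	}
	if claims.Exp == 0 || !now.Before(time.Unix(claims.Exp, 0)) {
		return ErrAssertionExpired
	}
	return nil
}

// Demo registers a key whose expiry passed a day ago, signs a fresh assertion
// with it, and returns the verdict of the vulnerable and the fixed lookup.
func Demo() (vulnErr, fixedErr error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err, err
	}
	now := time.Date(2025, 3, 31, 12, 0, 0, 0, time.UTC) // constructed clock
	ks := keyStore{"client-key-1": {pub: &priv.PublicKey, expires: now.Add(-24 * time.Hour)}}
	assertion, err := signAssertion(priv, "client-key-1", map[string]interface{}{
		"iss": "app-123", "sub": "app-123", // hypothetical client id
		"aud": "https://idp.example/oauth/v2/token",
		"iat": now.Unix(), "exp": now.Add(5 * time.Minute).Unix(),
	})
	if err != nil {
		return err, err
	}
	return verifyAssertion(assertion, ks, now, lookupKeyVulnerable),
		verifyAssertion(assertion, ks, now, lookupKeyFixed)
}

func main() {
	v, f := Demo()
	fmt.Println("vulnerable lookup:", v) // <nil>: the expired key still mints a token
	fmt.Println("fixed lookup:", f)      // signing key has expired
}
```

The point of ordering the checks this way is that the assertion in `Demo()` is perfectly valid on its own terms: fresh `iat`, `exp` five minutes out, correct signature. Only the key-level expiry separates the two outcomes, which is exactly the gap the advisory describes, and it is why a verifier must treat "is this key still valid" as a question about the registered key, not about the token.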