SCA: security update for goauthentik.io (GHSA-9g4j-v8w5-7x42)

high Tenable Cloud Security Plugin ID 428611

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support
for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions 2025.6.0-rc1 through
2025.6.3, deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML
providers can still retain partial access to the system despite their accounts being deactivated. They end
up in a half-authenticated state where they cannot access the API but crucially they can authorize
applications if they know the URL of the application. To workaround this issue, developers can add an
expression policy to the user login stage on the respective authentication flow with the expression of
return request.context["pending_user"].is_active. This modification ensures that the return statement only
activates the user login stage when the user is active. This issue is fixed in versions authentik 2025.4.4
and 2025.6.4. (CVE-2025-53942)

See Also

https://github.com/advisories/GHSA-9g4j-v8w5-7x42

Plugin Details

Severity: High

ID: 428611

Version: Revision 1.9

Type: Local

Family: SCA Checks

Published: 7/22/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.37

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-53942

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 7.1

Threat Score: 2.9

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 7/22/2025

Vulnerability Publication Date: 7/22/2025

Reference Information

CVE: CVE-2025-53942

cwe: CWE-269