โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2025-4144
CVE-2025-4144 — PKCE was implemented in the OAuth implementation in workers-oauth-provider that
📅 2025-05-01
🔴 Critical 🔥 No NVD Exploit Vulnerability CVSS 9.8 🎯 EPSS 0.4%

📋 Full description

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp. However, it was found that an attacker could cause the check to be skipped. Fixed in: https://github.com/cloudflare/workers-oauth-provider/pull/27 Impact: PKCE is a defense-in-

💻 Affected systems

PKCE was implemented

⚠️ Threat type

Exploit

🔗 CVE ID

CVE-2025-4144

📡 Source

NVD

✅ Solutions and mitigation

Refer to CVE-2025-4144 NVD advisory
