CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-10470

The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerability can result in a denial-of-service condition, causing service unavailability for deployments that utilize the Magic Link authenticator. The impact is limited to these specific deployments and requires repeated invalid authentication attempts to trigger.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.6%

CVSS Severity

CVSS v3 Score 8.6

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2025-4469/

Products affected by CVE-2025-10470

Wso2 » Identity Server » Version: 7.0.0

cpe:2.3:a:wso2:identity_server:7.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-10470

Products

Pricing

Contact Us