Vulnerability DatabaseCVE-2025-31492

CVE-2025-31492:
Alma Linux vulnerability analysis and mitigation

Overview

A critical vulnerability (CVE-2025-31492) was discovered in modauthopenidc, an OpenID Certified authentication and authorization module for Apache 2.x HTTP server. The vulnerability was disclosed on April 6, 2025, affecting versions prior to 2.4.16.11. This security flaw allows unauthorized users to access protected content under specific conditions, particularly when using the POST authentication request method (GitHub Advisory, NVD).

Technical details

The vulnerability occurs when specific conditions are met: the OIDCProviderAuthRequestMethod is set to POST, a valid account exists, and there is no application-level gateway or load balancer protecting the server. When exploited, the response to a protected resource request includes not only the HTTP status and headers but also leaks the protected content along with the self-submitting form. This happens because when modauthopenidc returns a form, it must return OK from checkuserid to avoid the error path in httpd, causing httpd to append the protected content to the response. The vulnerability has been assigned a CVSS v4.0 base score of 8.2 (High) with the vector string CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N ([GitHub Advisory](https://github.com/OpenIDC/modauth_openidc/security/advisories/GHSA-59jp-rwph-878r)).

Impact

The vulnerability leads to the disclosure of protected content to unauthenticated users, potentially exposing sensitive information. The impact is particularly severe as it bypasses authentication mechanisms and allows unauthorized access to protected resources. The high CVSS score reflects the significant confidentiality impact of this vulnerability (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in modauthopenidc version 2.4.16.11 and later. For systems that cannot immediately update, two workarounds are available: 1) Switch to OIDCProviderAuthRequestMethod GET (the default setting), or 2) Implement an application-level gateway to protect the server. Various distributions have also released security updates, such as Debian 11 (Bullseye) fixing the issue in version 2.4.9.4-0+deb11u5 (Debian Advisory, GitHub Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer?

Request vulnerability assessment

8.2

Score

Published April 6, 2025

Severity HIGH

CNA Score 8.2

Affected Technologies

Alma Linux
Alibaba Cloud Linux (Aliyun Linux)

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 56.6

Exploitation Probability (EPSS) 0.3

Affected packages and libraries

mod_auth_openidc-debugsource
mod_auth_openidc

Sources

NVD
AlmaLinux Security Advisory
- AlmaLinux 8 Severity HIGHHas FixAdded at: Apr 22, 2025
- AlmaLinux 9 Severity HIGHHas FixAdded at: May 22, 2025
Debian Security Tracker
- Debian 11, 12, 13 Has FixAdded at: Apr 09, 2025
Red Hat Errata
- Red Hat 7 Severity HIGHNo FixAdded at: Apr 08, 2025
- Red Hat 8 Severity HIGHHas FixAdded at: Apr 08, 2025
- Red Hat 9 Severity HIGHHas FixAdded at: Apr 08, 2025
- Red Hat 10 Severity HIGHHas FixAdded at: May 14, 2025
Ubuntu Security Tracker
- Ubuntu 18.04, 20.04 Severity MEDIUMNo FixAdded at: Apr 15, 2025
- Ubuntu 22.04, 24.04, 24.10 Severity MEDIUMHas FixAdded at: Apr 15, 2025
- Ubuntu 25.04 Severity MEDIUMHas FixAdded at: May 08, 2025