Better Auth is a user authentication and authorization platform designed to enhance security and simplify the login process for web applications. It offers features such as passwordless authentication, multi-factor authentication, and single sign-on capabilities.

Better Auth

### Summary
A vulnerability was identified in the multi-session plugin for Better Auth, specifically in the /sign-out after-hook. The hook trusts raw multi-session cookies and forwards the extracted values directly to internalAdapter.deleteSessions without verifying the cookie signature. Because cookie values are not validated with getSignedCookie (or any equivalent check), an attacker can supply a forged _multi-* cookie to trigger deletion of arbitrary session tokens.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-61928	CRITICAL	9.3	Better Auth	better-auth	No	Yes	Oct 09, 2025
GHSA-x732-6j76-qmhm	HIGH	8.6	Better Auth	better-auth	No	Yes	Dec 16, 2025
GHSA-99h5-pjcv-gr6v	HIGH	8.6	Better Auth	better-auth	No	Yes	Oct 09, 2025
GHSA-569q-mpph-wgww	LOW	2.9	Better Auth	better-auth	No	Yes	Dec 01, 2025
GHSA-wmjr-v86c-m9jj	LOW	2	Better Auth	better-auth	No	Yes	Nov 26, 2025

GHSA-wmjr-v86c-m9jj:
Better Auth vulnerability analysis and mitigation

Summary

2

Related Better Auth vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

GHSA-wmjr-v86c-m9jj: Better Auth vulnerability analysis and mitigation