CVE-2025-53548— @clerk/backend Performs Insufficient Verification of Data Authenticity

CVSS 7.5 · High EPSS 0.13% · P32 Updated Jul 11, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-53548

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

@clerk/backend Performs Insufficient Verification of Data Authenticity

Source: NVD (National Vulnerability Database)

Vulnerability Description

Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

对数据真实性的验证不充分

Source: NVD (National Vulnerability Database)

Vulnerability Title

Official Clerk JavaScript SDKs 数据伪造问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Official Clerk JavaScript SDKs是Clerk开源的一个用于 Clerk 身份验证的官方 Javascript 存储库。 Official Clerk JavaScript SDKs存在数据伪造问题漏洞，该漏洞源于verifyWebhook验证不足，可能导致接受未签名webhook事件。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
clerk	javascript	< 2.4.0	-

II. Public POCs for CVE-2025-53548

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-53548

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: javascript

Same vendor: clerk

Same weakness: CWE-345

V. Comments for CVE-2025-53548

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-53548— @clerk/backend Performs Insufficient Verification of Data Authenticity

I. Basic Information for CVE-2025-53548

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-53548

III. Intelligence Information for CVE-2025-53548

IV. Related Vulnerabilities

V. Comments for CVE-2025-53548

Leave a comment