CVE-2025-53548 HIGH

CVE-2025-53548: @clerk/backend Performs Insufficient Verification of Data Authenticity

Vendor Clerk
Product javascript
Weakness CWE-345
Published July 9, 2025
Last update July 9, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01 Description

Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.

Key dates

02 Disclosure timeline

July 9, 2025 CVE published
July 9, 2025 Record updated