CVE-2025-53535: Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes

July 7, 2025 (updated November 10, 2025)

An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback.

References

github.com/advisories/GHSA-36rg-gfq2-3h56
github.com/better-auth/better-auth
github.com/better-auth/better-auth/commit/9801d1be53d9da04686b94c6286c53ec97496740
github.com/better-auth/better-auth/security/advisories/GHSA-36rg-gfq2-3h56
nvd.nist.gov/vuln/detail/CVE-2025-53535

Code Behaviors & Features

Detect and mitigate CVE-2025-53535 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →