Better Auth Open Redirect Vulnerability in Origin Check Middleware

Vulnerability

An open redirect vulnerability has been identified in the Better Auth authentication and authorization library for TypeScript, affecting versions through 1.2.9. The issue arises in the originCheck middleware function, where the matchesPattern function can be manipulated to allow redirects to untrusted origins. This vulnerability impacts several routes, including /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, and /oauth-proxy-callback.

Impact

The vulnerability allows for open redirects, which can be exploited to redirect users to malicious sites.

Reproduction

To reproduce this vulnerability, use Better Auth version 1.2.9 or earlier and configure the originCheck middleware with a trusted origin that is actually untrusted. Then, access one of the affected routes, such as /reset-password/:token or /verify-email. The request will be redirected to the untrusted origin, demonstrating the open redirect vulnerability.

Remediation

Users can upgrade to Better Auth version 1.2.10 to address this vulnerability.
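A defender-side check for redirect targets on routes like the ones listed above, as an added example that is not Better Auth's code or its fix: it parses the target and compares the parsed scheme, host and port against each trusted origin. The names isTrustedRedirect and originMatches, the "*." wildcard convention and the sample origins are assumptions made for illustration.

```typescript
// Added example: strict redirect-target validation (hypothetical helper names,
// not Better Auth's code). All sample origins below are constructed.

// Compare a parsed URL against one allowlist entry such as
// "https://app.example.com" or "https://*.example.org".
function originMatches(url: URL, entry: string): boolean {
  const wildcard = entry.indexOf("://*.") !== -1;
  let allowed: URL;
  try {
    // Parse the entry too, so case and default ports are normalised the same way.
    allowed = new URL(entry.replace("://*.", "://"));
  } catch (e) {
    return false; // a malformed entry never matches anything
  }
  if (allowed.protocol !== url.protocol || allowed.port !== url.port) return false;
  if (!wildcard) return url.hostname === allowed.hostname;
  // "*." must cover whole DNS labels: require the literal ".example.org" suffix.
  const suffix = "." + allowed.hostname;
  return url.hostname.length > suffix.length &&
    url.hostname.slice(-suffix.length) === suffix;
}

// Decide whether a callback/redirect parameter may be followed.
function isTrustedRedirect(target: string, baseURL: string, trusted: string[]): boolean {
  // Backslashes and control characters are rewritten by some URL parsers; refuse them.
  if (/[\\\u0000-\u001f\u007f]/.test(target)) return false;
  let url: URL;
  try {
    url = new URL(target, baseURL); // resolves "/path" and "//host" forms
  } catch (e) {
    return false;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  if (url.username !== "" || url.password !== "") return false; // no userinfo
  return [baseURL].concat(trusted).some((entry) => originMatches(url, entry));
}

// Constructed configuration, usable as a regression fixture.
const BASE = "https://app.example.com";
const TRUSTED = ["https://*.example.org", "http://localhost:3000"];
```

Running the same cases against the origin check of a deployed version shows whether an upgrade changed any decision.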

Added: Jul 7, 2025, 6:49 PM
Updated: Jul 7, 2025, 6:49 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.