CVE-2025-10470: Magic Link DoS via Uncontrolled Memory Growth
The National Vulnerability Database has disclosed CVE-2025-10470, a high-severity vulnerability (CVSS 8.6) affecting applications using Magic Link authentication. This flaw, categorized as CWE-400 (Uncontrolled Resource Consumption), allows attackers to trigger a denial-of-service (DoS) condition by repeatedly submitting invalid authentication requests.
The core issue lies in inadequate rate limiting and resource control within the Magic Link flow. This permits an attacker to consume excessive memory resources, leading to service unavailability. The impact is specifically limited to deployments utilizing this authentication method.
While no specific affected products are named, any system relying on Magic Link authentication is potentially at risk. Defenders must understand that this is not a data breach vector, but a direct attack on service availability. The attacker’s calculus is straightforward: flood the system, exhaust resources, and take the service offline.
What This Means For You
- If your organization uses Magic Link authentication, you need to assess your deployments immediately. Check for robust rate limiting and resource management on your authentication endpoints. This isn't theoretical; it's a direct path to a denial of service. Prioritize patching or implementing compensating controls to prevent an attacker from easily crippling your service availability.
Related ATT&CK Techniques
🛡️ Detection Rules
2 rules · 6 SIEM formats2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2025-10470: Magic Link Excessive Invalid Authentication Attempts
title: CVE-2025-10470: Magic Link Excessive Invalid Authentication Attempts
id: scw-2026-05-11-ai-1
status: experimental
level: high
description: |
Detects a high volume of failed Magic Link authentication attempts (HTTP 401) from a single source IP to the '/auth/magic-link' endpoint within a short time frame. This is indicative of the uncontrolled memory growth vulnerability (CVE-2025-10470) leading to a denial-of-service condition.
author: SCW Feed Engine (AI-generated)
date: 2026-05-11
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2025-10470/
tags:
- attack.impact
- attack.t1499
logsource:
category: authentication
detection:
selection:
sc-status|exact:
- '401'
cs-uri|exact:
- '/auth/magic-link'
cs-method|exact:
- 'POST'
selection_base:
src_ip|exact:
- '127.0.0.1'
selection_indicators:
field|exact:
- 'User'
condition: selection AND selection_base AND selection_indicators
aggregation:
time_window: 300s
count: 100
by: src_ip
condition: count(src_ip) > 100 AND time_window(300s)
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-10470 | DoS | Magic Link authentication flow |
| CVE-2025-10470 | DoS | uncontrolled memory usage growth |
| CVE-2025-10470 | DoS | lack of adequate rate limiting on authentication requests |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 11, 2026 at 15:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-8290 — Open5GS Denial of Service
CVE-2026-8290 — A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the...
CVE-2026-8289 — Open5GS Denial of Service
CVE-2026-8289 — A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF....
Cockpit CVE-2026-4802: Remote Command Execution via Unsanitized Logs
CVE-2026-4802 — A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized...