CVE-2025-10908 — Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security c — CVE Database · The Intelligence Room