A high-severity vulnerability, CVE-2025-53942, was identified in authentik versions 2025.4.4 and earlier and 2025.6.0-rc1 through 2025.6.3. It allows deactivated OAuth/SAML users to remain in a half-authenticated state, in which they can’t access the API but can still authorize applications if they know the URL. To address this issue, users should upgrade authentik to version 2025.4.4 or 2025.6.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-53942.