CVE-2025-6675

Medium CVSS: 4.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.

Vendor

Miniorange

Product

Miniorange 2fa

CWE

CWE-288

Yayın Tarihi

2025-06-26 14:15:34

Güncelleme

2025-07-14 18:10:08

Source Identifier

mlhess@drupal.org

KEV Date Added

Kategoriler

CWE-288 Miniorange 2fa MEDIUM Miniorange 2025

Referanslar

https://www.drupal.org/sa-contrib-2025-082

Benzer Kayıtlar

Medium

CVE-2026-3217

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO -…

High

CVE-2025-47708

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Cross Site Request Forg…

Medium

CVE-2025-47709

Missing Authorization vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Forceful Browsing.This issue affect…

High

CVE-2025-47710

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows…

Medium

CVE-2025-47706

Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services w…

High

CVE-2025-47707

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows…