CVE-2025-7030

Medium CVSS: 6.5

Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0.

Vendor

Two-factor Authentication Project

Product

Two-factor Authentication

CWE

CWE-267

Yayın Tarihi

2025-07-08 21:15:28

Güncelleme

2025-09-04 17:06:35

Source Identifier

mlhess@drupal.org

KEV Date Added

Kategoriler

CWE-267 Two-factor Authentication MEDIUM Two-factor Authentication Project 2025

Referanslar

https://www.drupal.org/sa-contrib-2025-085

Benzer Kayıtlar

High

CVE-2025-31694

Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affe…

Critical

CVE-2024-13279

Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-…

Critical

CVE-2024-13239

Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affec…