CVE-2025-6675

State: PUBLISHED · Published: 2025-06-26 · Updated: 2026-02-26 · Assigner: drupal

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.

CWE

CWE-288 — CWE-288 Authentication Bypass Using an Alternate Path or Channel

Affected

Drupal / Enterprise MFA - TFA for Drupal — v=0.0.0 <4.8.0 [affected]; v=5.2.0 <5.2.1 [affected]; v=0.0.0 <5.0.* [affected]; v=0.0.0 <5.1.* [affected]

CVSS

(none)

References

https://www.drupal.org/sa-contrib-2025-082

Source

cvelistV5-main/cves/2025/6xxx/CVE-2025-6675.json