CVE-2025-6675
Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082
CVSS Score
4.8
EPSS Score
0.0%
EPSS Percentile
0th
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.
| CWE | CWE-288 |
| Vendor | drupal |
| Product | enterprise mfa - tfa for drupal |
| Ecosystems | |
| Industries | WebMedia |
| Published | Jun 26, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for drupal enterprise mfa - tfa for drupal
Be the first to know when new medium vulnerabilities affecting drupal enterprise mfa - tfa for drupal are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Drupal / Enterprise MFA - TFA for Drupal
0.0.0 < 4.8.0 5.2.0 < 5.2.1 0.0.0 < 5.0.* 0.0.0 < 5.1.*
Credits
Conrad Lara (cmlara) Sudhanshu Dhage (sudhanshu0542) Greg Knaddison (greggles)