CVE-2025-8995
Authenticator Login - Highly critical - Access bypass - SA-CONTRIB-2025-096
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4.
| CWE | CWE-288 |
| Vendor | drupal |
| Product | authenticator login |
| Ecosystems | |
| Industries | WebMedia |
| Published | Aug 15, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for drupal authenticator login
Be the first to know when new critical vulnerabilities affecting drupal authenticator login are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Drupal / Authenticator Login
0.0.0 < 2.1.4
Credits
Pierre Rudloff (prudloff) Ahmed Raza (ahmed.raza) Damien McKenna (damienmckenna) Dan Smith (galooph) Greg Knaddison (greggles) Cathy Theys (yesct)