CVE-2025-10928

CVE-2025-10928: Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108

Vendor Drupal
Product Access code
Weakness CWE-307 · Brute force
Published October 29, 2025
Last update October 30, 2025

CVSS base score

What the vulnerability does

01Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.

Key dates

02Disclosure timeline

October 29, 2025 CVE published
October 30, 2025 Record updated