CVE-2025-12466

CVE-2025-12466: Simple OAuth (OAuth2) & OpenID Connect - Critical - Access bypass - SA-CONTRIB-2025-114

Vendor: Drupal
Product: Simple OAuth (OAuth2) & OpenID Connect
Weakness: CWE-288
Published: October 29, 2025
Last update: October 30, 2025

CVSS base score

What the vulnerability does

01 Description

An Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows authentication bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect from 6.0.0 before 6.0.7.

Key dates

02 Disclosure timeline

October 29, 2025: CVE published
October 30, 2025: Record updated