CVE-2025-12760

CVE-2025-12760: Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115

Vendor Drupal
Product Email TFA
Weakness CWE-288
Published November 18, 2025
Last update November 18, 2025

CVSS base score

What the vulnerability does

01Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6.

Key dates

02Disclosure timeline

November 18, 2025 CVE published
November 18, 2025 Record updated