CVE-2025-31694

CVE-2025-31694: Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2025-023

Vendor Drupal
Product Two-factor Authentication (TFA)
Weakness CWE-288
Published March 31, 2025
Last update April 29, 2025

CVSS base score

What the vulnerability does

01Description

Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.

Key dates

02Disclosure timeline

March 31, 2025 CVE published
April 29, 2025 Record updated