CVE-2025-6675

CVE-2025-6675: Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082

Vendor Drupal

Product Enterprise MFA - TFA for Drupal

Weakness CWE-288

Published June 26, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.

Key dates

Disclosure timeline

June 26, 2025 CVE published

February 26, 2026 Record updated

Identifiers

CVE CVE-2025-6675

CWE CWE-288

Affected versions

Vendor Drupal

Product Enterprise MFA - TFA for Drupal

Affected ≥ 0.0.0 and < 4.8.0

Vendor Drupal

Product Enterprise MFA - TFA for Drupal

Affected ≥ 5.2.0 and < 5.2.1

Vendor Drupal

Product Enterprise MFA - TFA for Drupal

Affected ≥ 0.0.0 and < 5.0.*

Vendor Drupal

Product Enterprise MFA - TFA for Drupal

Affected ≥ 0.0.0 and < 5.1.*