CVE-2025-7030

CVE-2025-7030: Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085

Vendor Drupal
Product Two-factor Authentication (TFA)
Weakness CWE-267
Published July 8, 2025
Last update July 9, 2025

CVSS base score

What the vulnerability does

01Description

Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0.

Key dates

02Disclosure timeline

July 8, 2025 CVE published
July 9, 2025 Record updated