CVE-2025-8616 MEDIUM

CVE-2025-8616: Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication

Vendor Opentext
Product Advanced Authentication
Weakness CWE-294
Published August 6, 2025
Last update August 6, 2025

CVSS base score

6.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0.

Key dates

02Disclosure timeline

August 6, 2025 CVE published
August 6, 2025 Record updated