Drupal · Simple Oauth (Oauth2) & Openid Connect · CVE-2025-12466
**Name of the Vulnerable Software and Affected Versions**
Drupal Simple OAuth (OAuth2) & OpenID Connect versions 6.0.0 through 6.0.6
**Description**
A flaw exists in Simple OAuth (OAuth2) & OpenID Connect that permits authentication bypass. This issue allows bypassing normal authentication mechanisms through an alternate path or channel.
**Recommendations**
Update Simple OAuth (OAuth2) & OpenID Connect to a version later than 6.0.6.