Drupal · Drupal Two-Factor Authentication · CVE-2025-31694
**Name of the Vulnerable Software and Affected Versions**
Drupal Two-factor Authentication (TFA) versions 0.0.0 through 1.10.0
**Description**
The issue is related to an Incorrect Authorization vulnerability in the Drupal Two-factor Authentication (TFA) module, allowing Forceful Browsing.
**Recommendations**
For versions 0.0.0 through 1.10.0, update to a version 1.10.0 or later to resolve the issue.