Quest · Quest One Identity · CVE-2025-56689
**Name of the Vulnerable Software and Affected Versions**
Quest One Identity version 7.5.1.20903
**Description**
A crafted response manipulation can bypass the One-Time Password (OTP) on the Multi-Factor Authentication (MFA) page, leading to unauthorized access to the Privileged Access Management (PAM) portal without OTP verification. This allows attackers to control arbitrary accounts.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.