CVE-2025-31694

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Drupal Two-factor Authentication (TFA) versions 0.0.0 through 1.10.0

Description The issue is related to an Incorrect Authorization vulnerability in the Drupal Two-factor Authentication (TFA) module, allowing Forceful Browsing.

Recommendations For versions 0.0.0 through 1.10.0, update to a version 1.10.0 or later to resolve the issue.

Fix

Incorrect Authorization

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-288

Related Identifiers

CVE-2025-31694

DRUPAL-CONTRIB-2025-023

GHSA-HF6C-FGP3-JFCH

Affected Products

Drupal Two-Factor Authentication

CVE-2025-31694

Weakness Enumeration

Related Identifiers

Affected Products

References · 8