PT-2025-21198 · Drupal · Enterprise Mfa - Tfa For Drupal
Conrad Lara
+3
·
Published
2025-05-14
·
Updated
2025-06-10
·
CVE-2025-47710
CVSS v3.1
7.4
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions:
Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x
Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x
Description:
The issue is related to an Authentication Bypass Using an Alternate Path or Channel vulnerability in Enterprise MFA - TFA for Drupal, allowing authentication bypass.
Recommendations:
For Enterprise MFA - TFA for Drupal versions 0.0.0 through 4.6.x, update to version 4.7.0 or later.
For Enterprise MFA - TFA for Drupal versions 5.0.0 through 5.1.x, update to version 5.2.0 or later.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Enterprise Mfa - Tfa For Drupal