PT-2025-35801 · Quest · Quest One Identity

Vigneshrajan54_88115 · Published 2025-09-03 · Updated 2025-09-04 · CVE-2025-56689

CVSS v3.1

4.6 Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Quest One Identity version 7.5.1.20903

Description

Crafted manipulation of the response can bypass the One-Time Password (OTP) check on the Multi-Factor Authentication (MFA) page, giving unauthorized access to the Privileged Access Management (PAM) portal without OTP verification. This allows attackers to control arbitrary accounts.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2025-56689

Affected Products

Quest One Identity