PT-2025-47342 · Drupal · Drupal Email Tfa
Abdulaziz Zaid
+3
·
Published
2025-11-18
·
Updated
2025-12-08
·
CVE-2025-12760
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Email TFA versions prior to 2.0.6
Description
An authentication bypass issue exists in Drupal Email TFA, allowing functionality bypass through an alternate path or channel. The issue impacts the Email TFA module.
Recommendations
Update to version 2.0.6 or later.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Email Tfa