PT-2025-50298 · Filament · Filament

Published: 2025-12-10 · Updated: 2026-03-04 · CVE-2025-67507

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Filament versions 4.0.0 through 4.3.0

Description

Filament, a collection of full-stack components for accelerated Laravel development, has an issue in how it manages recovery codes for application-based multi-factor authentication. The flaw allows the same recovery code to be reused repeatedly. This does not impact email-based multi-factor authentication and only occurs when recovery codes are enabled.

Recommendations

Update to version 4.3.1 or later.

Exploit

Fix

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel
Improper Authentication

Related Identifiers

CVE-2025-67507
GHSA-PVCV-Q3Q7-266G

Affected Products

Filament