CVE-2025-47708
EPSS 0.10%Published: 5/7/2025Modified: 12/10/2025
Also known as:DRUPAL-CONTRIB-2025-054
Description
The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain routes from Cross Site Request Forgery (CSRF) attacks.
Affected packages (1)
- Packagist/drupal/miniorange_2fafrom 0, < 4.7.0 | >= 5.0.1, < 5.2.0