CVE-2025-47709

EPSS 0.23%

Published: 5/7/2025Modified: 12/10/2025

Description

The module enables you to add second-factor authentication in addition to the default Drupal login. The module doesn't sufficiently protect certain sensitive routes, allowing an attacker to view or modify various TFA-related settings.

Affected packages (1)

Packagist/drupal/miniorange_2fafrom 0, < 4.7.0 | >= 5.0.1, < 5.2.0

References (1)

WEBhttps://www.drupal.org/sa-contrib-2025-055