CVE-2025-6675
EPSS 0.13%Published: 6/25/2025Modified: 12/10/2025
Also known as:DRUPAL-CONTRIB-2025-082
Description
The module enables you to add second-factor authentication on top of the default Drupal login. The module does not sufficiently ensure that known authorization routes are protected. This vulnerability is mitigated by the fact that an attacker must obtain the user's username and password.
Affected packages (1)
- Packagist/drupal/miniorange_2fafrom 0, < 4.8.0 | >= 5.0.1, < 5.2.1