DRUPAL-CONTRIB-2025-082

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/miniorange_2fa/DRUPAL-CONTRIB-2025-082.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-082
Aliases
  • CVE-2025-6675
Published
2025-06-25T18:42:17Z
Modified
2025-12-10T23:41:28.808442Z
Summary
[none]
Details

The module enables you to add second-factor authentication on top of the default Drupal login.

The module does not sufficiently ensure that known authorization routes are protected.

This vulnerability is mitigated by the fact that an attacker must obtain the user's username and password.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/miniorange_2fa

Package

Name
drupal/miniorange_2fa
Purl
pkg:composer/drupal/miniorange_2fa

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.8.0
Database specific 
{
    "constraint": "<4.8.0"
}
Type
ECOSYSTEM
Events
Introduced
5.0.1
Fixed
5.2.1
Database specific 
{
    "constraint": ">=5.0.1 <5.2.1"
}

Database specific

source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/miniorange_2fa/DRUPAL-CONTRIB-2025-082.json"
affected_versions 
"<4.8.0 || >=5.0.1 <5.2.1"
patched 
true