CVE-2025-6675: Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-082

Q: What is the severity of CVE-2025-6675?

CVE-2025-6675 is classified as a critical vulnerability due to its potential for authentication bypass.

Q: How do I fix CVE-2025-6675?

To remediate CVE-2025-6675, update your Drupal Enterprise MFA - TFA module to versions 4.8.0, 5.2.1 or newer.

Q: Which software is affected by CVE-2025-6675?

CVE-2025-6675 affects versions of Drupal Enterprise MFA - TFA before 4.8.0, and between 5.2.0 and 5.2.1.

Q: What are the risks associated with CVE-2025-6675?

The main risks of CVE-2025-6675 include unauthorized access to accounts due to authentication bypass.

Q: Is CVE-2025-6675 being actively exploited?

As of now, there are no public reports indicating active exploitation of CVE-2025-6675, but this could change.

Published Jun 26, 2025

Updated

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*.

Affected Software

3 affected components

Drupal Enterprise MFA - TFA<4.8.0, >=5.2.0<5.2.1, <5.0.*, <5.1.*

miniOrange Miniorange 2fa Drupal<4.8.0

miniOrange Miniorange 2fa Drupal>=5.0.1<5.2.1

Event History

Jun 26, 2025

CVE Published

via MITRE·01:33 PM

Data Sourced

via MITRE·01:33 PM

DescriptionWeakness

Data Sourced

via NVD·02:15 PM

DescriptionSeverityWeaknessAffected Software

Sep 25, 57523

Event

via FIRST·02:10 AM

Frequently Asked Questions

What is the severity of CVE-2025-6675?

CVE-2025-6675 is classified as a critical vulnerability due to its potential for authentication bypass.

How do I fix CVE-2025-6675?

To remediate CVE-2025-6675, update your Drupal Enterprise MFA - TFA module to versions 4.8.0, 5.2.1 or newer.

Which software is affected by CVE-2025-6675?

CVE-2025-6675 affects versions of Drupal Enterprise MFA - TFA before 4.8.0, and between 5.2.0 and 5.2.1.

What are the risks associated with CVE-2025-6675?

The main risks of CVE-2025-6675 include unauthorized access to accounts due to authentication bypass.

Is CVE-2025-6675 being actively exploited?

As of now, there are no public reports indicating active exploitation of CVE-2025-6675, but this could change.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.