Authentication bypass using an alternate path or channel in RoboForm Password Manager - CVE-2025-26700
Published: February 21, 2025
Vulnerability identifier: #VU104128
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-26700
CWE-ID: CWE-288
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Siber Systems
Affected software:
RoboForm Password Manager
Detailed vulnerability description
The vulnerability allows a local attacker to bypass the authentication process.
The vulnerability exists due to an authentication bypass using an alternate path or channel. An attacker with physical access can bypass the lock screen and obtain sensitive information.
How to mitigate CVE-2025-26700
Install updates from the vendor's website.