Main Vulnerability Database Vulnerabilities #VU109199

Improper access control in One Time Password - CVE-2025-48011

Published: May 15, 2025

Vulnerability identifier: #VU109199

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-48011

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Sam152

Affected software:
One Time Password

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected module does not sufficiently prevent TFA from being bypassed when using the REST login routes. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

How to mitigate CVE-2025-48011

Install updates from vendor's website.

Sources

https://www.drupal.org/sa-contrib-2025-062

Improper access control in One Time Password - CVE-2025-48011

Detailed vulnerability description

How to mitigate CVE-2025-48011

Sources

Please verify you're human