Main Vulnerability Database Vulnerabilities #VU109199

#VU109199 Improper access control in One Time Password - CVE-2025-48011

Published: May 15, 2025

Vulnerability identifier: #VU109199

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-48011

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
One Time Password

Software vendor:
Sam152

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected module does not sufficiently prevent TFA from being bypassed when using the REST login routes. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://www.drupal.org/sa-contrib-2025-062

#VU109199 Improper access control in One Time Password - CVE-2025-48011

Description

Remediation

External links

Please verify you're human