#VU113371 Privilege Defined With Unsafe Actions in Two-factor Authentication (TFA) - CVE-2025-7030

 


Published: July 29, 2025


Vulnerability identifier: #VU113371
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-7030
CWE-ID: CWE-267
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Two-factor Authentication (TFA)
Software vendor: coltrane

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists because the affected application does not sufficiently ensure that users with enhanced privileges are prevented from viewing the recovery codes of other users. A remote administrator can exploit incorrectly configured access control security levels.


Remediation

Install updates from the vendor's website.
