Privilege Defined With Unsafe Actions in Two-factor Authentication (TFA) - CVE-2025-7030

 


Published: July 29, 2025


Vulnerability identifier: #VU113371
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-7030
CWE-ID: CWE-267
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: coltrane
Affected software:
Two-factor Authentication (TFA)

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists because the affected application does not sufficiently ensure that users with enhanced privileges are prevented from viewing the recovery codes of other users. A remote administrator can exploit the incorrectly configured access control security levels.


How to mitigate CVE-2025-7030

Install updates from the vendor's website.
