Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Simple OAuth (OAuth2) & OpenID Connect allows Authentication Bypass. This issue affects Simple OAuth (OAuth2) & OpenID Connect: from 6.0.0 before 6.0.7.

PUBLISHED Reserved 2025-10-29 | Published 2025-10-29 | Updated 2025-10-30 | Assigner drupal

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Product status

Default status
unaffected

6.0.0 (semver) before 6.0.7
affected

Credits

coffeemakr finder

Bojan Bogdanovic (bojan_dev) remediation developer

coffeemakr remediation developer

Juraj Nemec (poker10) remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-contrib-2025-114

cve.org (CVE-2025-12466)

nvd.nist.gov (CVE-2025-12466)
