Home
HIGH: 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HDefault status
unaffected
Any version before 2.16.5
affected
Default status
unaffected
Any version before 2.18.0
affected
Default status
unaffected
Any version before 2.18.0
affected
Default status
unaffected
Any version before 2.16.5
affected
Default status
unaffected
Any version before 2.18.0
affected
Default status
unaffected
Any version before 2.16.5
affected
Default status
unaffected
Any version before 2.18.0
affected
Default status
unaffected
Any version before 2.16.5
affected
Description
An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.
Problem types
CWE-639 Authorization Bypass Through User-Controlled Key
Product status
Any version before 2.16.5
Any version before 2.18.0
Any version before 2.18.0
Any version before 2.16.5
Any version before 2.18.0
Any version before 2.16.5
Any version before 2.18.0
Any version before 2.16.5
Credits
Peter Husted Simonsen
Irwin Przeperski
Eviden
References
certvde.com/en/advisories/VDE-2025-035
certvde.com/en/advisories/VDE-2025-038