Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Mail Login allows Brute Force. This issue affects Mail Login: from 3.0.0 before 3.2.0, from 4.0.0 before 4.2.0.

PUBLISHED Reserved 2025-07-09 | Published 2025-07-21 | Updated 2025-07-22 | Assigner drupal

Problem types

CWE-307 Improper Restriction of Excessive Authentication Attempts

Product status

Default status
unaffected

3.0.0 (semver) before 3.2.0
affected

4.0.0 (semver) before 4.2.0
affected

Credits

Ryugo Kinoshita (dc-kinoshita) finder

Damien McKenna (damienmckenna) remediation developer

Mohammad AlQanneh (mqanneh) remediation developer

Greg Knaddison (greggles) coordinator

References

www.drupal.org/sa-contrib-2025-088

cve.org (CVE-2025-7393)

nvd.nist.gov (CVE-2025-7393)
