Home

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.4.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-15 | Updated 2025-08-16 | Assigner drupal

Problem types

CWE-288 Authentication Bypass Using an Alternate Path or Channel

Product status

Default status
unaffected

0.0.0 before 2.1.4
affected

Credits

Pierre Rudloff (prudloff) finder

Ahmed Raza (ahmed.raza) remediation developer

Damien McKenna (damienmckenna) coordinator

Dan Smith (galooph) coordinator

Greg Knaddison (greggles) coordinator

Cathy Theys (yesct) coordinator

References

www.drupal.org/sa-contrib-2025-096

cve.org (CVE-2025-8995)

nvd.nist.gov (CVE-2025-8995)

Download JSON