CVE-2025-53545
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-08
Assigner: GitHub, Inc.
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Press, a Frappe custom app used in Frappe Cloud, where users can bypass two-factor authentication (2FA) login because 2FA is not validated on the server side. The server does not properly verify the 2FA process itself, so attackers can circumvent this security measure.
How can this vulnerability impact me?
The vulnerability allows attackers to bypass 2FA login, potentially granting unauthorized access to user accounts and sensitive information. This can lead to compromised accounts, unauthorized actions within the application, and increased risk of data breaches.
What immediate steps should I take to mitigate this vulnerability?
Apply the fix provided in commit ddb439f8eb1816010f2ef653a908648b71f9bba8 to ensure server-side validation of 2FA login is enforced, preventing users from circumventing two-factor authentication.