CVE-2025-7030
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-09-04
Assigner: Drupal.org
Description
Description
Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| two-factor_authentication_project | two-factor_authentication | to 8.x-1.11 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Drupal's Two-factor Authentication (TFA) module involves privilege being defined with unsafe actions due to incorrectly configured access control security levels. It allows an attacker to exploit these misconfigurations to gain unauthorized privileges.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized privilege escalation, potentially allowing attackers to bypass intended access controls and perform actions they should not be permitted to do within the Drupal system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70