CVE-2025-8995
BaseFortify
Publication date: 2025-08-15
Last updated on: 2025-08-21
Assigner: Drupal.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| authenticator_login_project | authenticator_login | to 2.1.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Bypass in the Drupal Authenticator Login module. It allows attackers to bypass the normal authentication process by using an alternate path or channel, potentially granting unauthorized access.
How can this vulnerability impact me? :
This vulnerability can have a severe impact by allowing attackers to gain unauthorized access to the system without proper authentication. This can lead to full compromise of confidentiality, integrity, and availability of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can negatively affect compliance with standards and regulations such as GDPR and HIPAA because unauthorized access may lead to exposure or alteration of sensitive personal or health data, violating data protection requirements.