Brute Force Vulnerability in Email TFA Affects Drupal Product by Drupal
CVE-2025-31676

8.8HIGH

Key Information:

Vendor
Drupal
Status
Email Tfa
Vendor
CVE Published:
31 March 2025

Summary

A vulnerability in the Email TFA module for Drupal allows attackers to exploit weak authentication mechanisms, enabling brute force attacks. This issue affects versions from 0.0.0 up to 2.0.2, potentially compromising user accounts and sensitive data. It is crucial for users to update to the latest version to mitigate this security risk. For more details, visit the official Drupal security advisory.

Affected Version(s)

Email TFA 0.0.0 < 2.0.3

References

https://www.drupal.org/sa-contrib-2025-001

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ursin Cola
Ursin Cola
abdulaziz zaid
Greg Knaddison
Juraj Nemec
.