Two-Factor Authentication Flaw in Vulnerability-Lookup by Vendor
CVE-2025-42615

8.1HIGH

Key Information:

Vendor

Circl

Status
Vulnerability-lookup
Vendor
CVE Published:
8 December 2025

What is CVE-2025-42615?

The Vulnerability-Lookup tool lacked effective tracking and limiting of failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA). This oversight allowed attackers with valid credentials to submit unlimited OTP codes without triggering account lockouts or alerts for administrators. Such a vulnerability significantly raises the risk of successful account takeovers, particularly if OTPs are short or predictable. The implemented patch now enforces a limit on failed OTP submissions, locking user accounts after five invalid attempts and enhancing oversight on suspicious 2FA activities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Vulnerability-Lookup 0 < 2.18.0

References

https://vulnerability.circl.lu/vuln/gcve-1-2025-0033
vendor-advisory

CVSS V4

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.