Authentication Bypass Vulnerability in Drupal Enterprise MFA - TFA
CVE-2025-47710

7.4HIGH

Key Information:

Vendor: Drupal
Status: Enterprise Mfa - Tfa For Drupal
Vendor: CVE Published:; 14 May 2025

What is CVE-2025-47710?

A vulnerability in Drupal's Enterprise MFA - TFA allows attackers to bypass authentication mechanisms through alternate paths or channels. This issue primarily affects versions prior to 4.7.0 and from 5.0.0 before 5.2.0, potentially exposing user accounts to unauthorized access and compromising the integrity of protected resources. Proper security measures and updates are essential to mitigate these risks.

Affected Version(s)

Enterprise MFA - TFA for Drupal 0.0.0 < 4.7.0

Enterprise MFA - TFA for Drupal 5.0.0 < 5.2.0

References

https://www.drupal.org/sa-contrib-2025-056

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
May 7, 2025

Credit

Conrad Lara (cmlara)

Sudhanshu Dhage (sudhanshu0542)

Greg Knaddison (greggles)

Juraj Nemec (poker10)