Privilege Escalation Issue in Drupal's Two-factor Authentication Module
CVE-2025-7030
Currently unrated
What is CVE-2025-7030?
The Two-factor Authentication (TFA) module in Drupal is susceptible to a privilege escalation vulnerability caused by incorrectly configured access control mechanisms. This security flaw allows attackers to exploit improperly set security levels, leading to unauthorized actions and access within the system. Users of versions from 0.0.0 up to 1.10.9 are particularly at risk, making it essential to upgrade to address these critical access control weaknesses.
Affected Version(s)
Two-factor Authentication (TFA) 0.0.0 < 1.11.0