Privilege Escalation Issue in Drupal's Two-factor Authentication Module
CVE-2025-7030

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
8 July 2025

What is CVE-2025-7030?

The Two-factor Authentication (TFA) module in Drupal is susceptible to a privilege escalation vulnerability caused by incorrectly configured access control mechanisms. This security flaw allows attackers to exploit improperly set security levels, leading to unauthorized actions and access within the system. Users of versions from 0.0.0 up to 1.10.9 are particularly at risk, making it essential to upgrade to address these critical access control weaknesses.

Affected Version(s)

Two-factor Authentication (TFA) 0.0.0 < 1.11.0

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Conrad Lara (cmlara)
Conrad Lara (cmlara)
cilefen (cilefen)
Dan Smith (galooph)
Greg Knaddison (greggles)
Jess (xjm)
.
CVE-2025-7030 : Privilege Escalation Issue in Drupal's Two-factor Authentication Module