Authentication Bypass Vulnerability in Drupal Authenticator Login
CVE-2025-8093

8.8HIGH

Key Information:

Vendor: Drupal
Status: Authenticator Login
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-8093?

A security vulnerability exists in the Drupal Authenticator Login that allows attackers to bypass authentication mechanisms. This issue affects versions released from 0.0.0 up to, but not including, version 2.1.8. Successful exploitation could enable unauthorized users to access restricted functionalities without valid credentials, thus compromising the application's security.

Affected Version(s)

Authenticator Login 0.0.0 < 2.1.8

References

https://www.drupal.org/sa-contrib-2025-098

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Jul 23, 2025

Credit

Pierre Rudloff (prudloff)

Ahmed Raza (ahmed.raza)

Pierre Rudloff (prudloff)

Damien McKenna (damienmckenna)

Greg Knaddison (greggles)

Drew Webber (mcdruid)

Juraj Nemec (poker10)

Cathy Theys (yesct)

JSON