CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-31694

Incorrect Authorization vulnerability in Drupal Two-factor Authentication (TFA) allows Forceful Browsing.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.10.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.5%

CVSS Severity

CVSS v3 Score 8.1

References

https://www.drupal.org/sa-contrib-2025-023

Products affected by CVE-2025-31694

Two-Factor Authentication Project » Two-Factor Authentication » Version: 6.x-1.0

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:6.x-1.0
Two-Factor Authentication Project » Two-Factor Authentication » Version: 7.x-1.0

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:7.x-1.0
Two-Factor Authentication Project » Two-Factor Authentication » Version: 7.x-1.x

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:7.x-1.x
Two-Factor Authentication Project » Two-Factor Authentication » Version: 7.x-2.0

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:7.x-2.0
Two-Factor Authentication Project » Two-Factor Authentication » Version: 7.x-2.1

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:7.x-2.1
Two-Factor Authentication Project » Two-Factor Authentication » Version: 7.x-2.2

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:7.x-2.2
Two-Factor Authentication Project » Two-Factor Authentication » Version: 7.x-2.3

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:7.x-2.3
Two-Factor Authentication Project » Two-Factor Authentication » Version: 7.x-2.4

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:7.x-2.4
Two-Factor Authentication Project » Two-Factor Authentication » Version: 7.x-2.x

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:7.x-2.x
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.0

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.0
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.1

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.1
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.2

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.2
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.3

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.3
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.4

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.4
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.5

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.5
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.6

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.6
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.7

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.7
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.8

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.8
Two-Factor Authentication Project » Two-Factor Authentication » Version: 8.x-1.9

cpe:2.3:a:two-factor_authentication_project:two-factor_authentication:8.x-1.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-31694

Products

Pricing

Contact Us