CVE Details
Basic Information
| Title | CVE-2025-48012 |
|---|---|
| Type | cve |
| Published | 2025-05-21T17:15:58 |
| Last Seen | 2025-05-21T17:29:49 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | HIGH |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | NONE |
AI Analysis
| AI Description | This vulnerability allows attackers to bypass authentication in the Drupal One Time Password module by capturing and replaying valid credentials. This could allow unauthorized access to user accounts, potentially leading to data breaches or system compromise. The issue is specific to the One Time Password functionality and does not affect other parts of the Drupal platform. |
|---|---|
| AI Severity | Medium |
| Vendor | Drupal Community |
| Product | Drupal One Time Password |
| Affected Version | Unspecified; refer to the vulnerability description or vendor advisory for affected versions. |
Additional Information
| CVE List | CVE-2025-48012 |
|---|---|
| CWE List | CWE-294 |
| Bulletin Family | cve |
Description
Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)