CVE-2025-8093
published 2025-10-10CVE-2025-8093: Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects…
PriorityP359high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.33%
24.7th percentile
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| authenticator_login_project | authenticator_login | < 2.1.8 | 2.1.8 |
| drupal | alogin | >= 0 < 2.1.8 | 2.1.8 |
| drupal | authenticator_login | — | — |
| drupal | authenticator_login | >= 0.0.0 < 2.1.8 | 2.1.8 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pjrr-5qr2-gxw3: Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass
ghsa_unreviewed·2025-10-11
CVE-2025-8093 [HIGH] CWE-288 GHSA-pjrr-5qr2-gxw3: Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
OSV
CVE-2025-8093: This module allows users to setup two-factor authentication (2FA) using authenticator apps for enhanced login security
osv·2025-08-27
CVE-2025-8093 CVE-2025-8093: This module allows users to setup two-factor authentication (2FA) using authenticator apps for enhanced login security
This module allows users to setup two-factor authentication (2FA) using authenticator apps for enhanced login security.
The module did not protect all possible login paths provided by core modules.
**CVSS risk score ([experimental](https://www.drupal.org/project/securitydrupalorg/issues/3442181)) 6.3 / Medium**
[CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)
Drupal
Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
vendor_drupal·2025-08-27
CVE-2025-8093 [MEDIUM] Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
Title: Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
Vulnerability Type: Access bypass
Description: This module allows users to setup two-factor authentication (2FA) using authenticator apps for enhanced login security. The module did not protect all possible login paths provided by core modules. CVSS risk score ( experimental ) 6.3 / Medium CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Solution: Install the latest version: If you use the Alogin module for Drupal 10^, upgrade to Alogin 2.1.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-10-10
Published