CVE-2025-12466 | Simple OAuth & OpenID Connect up to 6.0.6 on Drupal authentication bypass (sa-contrib-2025-114)

A vulnerability has been found in Simple OAuth & OpenID Connect up to 6.0.6 on Drupal and classified as critical. Affected by this issue is some unknown functionality. This manipulation causes authentication bypass using alternate channel.

The identification of this vulnerability is CVE-2025-12466. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More