CVE-2025-71279

Published: Apr 01, 2026 Last Modified: Apr 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

CRITICAL 9,8

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication.

287

Improper Authentication

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: ICS/OT, Not Technology-Specific, Web Based

Likelihood of Exploit: High

View CWE Details

https://www.vulncheck.com/advisories/xenforo-passkey-securi…

https://www.vulncheck.com/advisories/xenforo-passkey-security-bypass

https://xenforo.com/community/threads/xenforo-2-3-7-release…

https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-…

CVE-2025-71279

Description

Improper Authentication

Common Consequences

Applicable Platforms

Iscriviti alla newsletter