Base Score

MEDIUM6.3

CVE-2025-10928

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force.This issue affects Access code: from 0.0.0 before 2.0.5.

VectorNETWORK

Published Bymlhess@drupal.org

Published DateOct 30, 2025, 00:15

Affected Versions(1)

drupal/access_code(Packagist)

Introduced0

Fixed2.0.5

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
drupal/access_code(Packagist)	0	2.0.5	N/A

Weakness Type (CWE):CWE-307

CVSS Metrics

Base Score

6.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW

References

https://www.drupal.org/sa-contrib-2025-108

Base Score

MEDIUM6.3

Weakness Type (CWE):CWE-307

CVSS Metrics

Base Score

6.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

LOW