CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

June 18, 2025

CVE ID : CVE-2025-49591

Published : June 18, 2025, 11:15 p.m. | 2 hours, 47 minutes ago

Description : CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user’s credentials can gain access to the victim’s account, even if the victim has 2FA set up. This is due to 2FA not being enforced if the path parameter is not 44 characters long, which can be bypassed by simply URL encoding a single character in the path. This issue has been patched in version 2025.3.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49590 – CryptPad Link Bouncer JavaScript URI Bypass XSS

Next Article SSRF Flaw (CVE-2025-6087) in OpenNext for Cloudflare Allows Unauthenticated Content Proxying

Highlights

CVE-2023-7303 – Q2Apro Q2Apro-On-Site-Notifications Cross Site Scripting Vulnerability

May 7, 2025

CVE ID : CVE-2023-7303

Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago

Description : A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.8 is able to address this issue. The patch is named 0ca85ca02f8aceb661e9b71fd229c45d388ea5b5. It is recommended to upgrade the affected component.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Representative Line: Brace Yourself

Beyond the Pilot: A Playbook for Enterprise-Scale Agentic AI

GitHub launches MCP Registry to provide central location for trusted servers

MongoDB brings Search and Vector Search to self-managed versions of database

Distribution Release: Security Onion 2.4.180

Distribution Release: Omarchy 3.0.1

Distribution Release: Mauna Linux 25

Distribution Release: SparkyLinux 2025.09

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Shopping Portal using Python Django & MySQL

Perficient Earns Adobe’s Real-time CDP Specialization

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Valve Survey Reveals Slight Retreat in Steam-on-Linux Share

Review: Elecrow’s All-in-one Starter Kit for Pico 2

FOSS Weekly #25.38: GNOME 49 Release, KDE Drama, sudo vs sudo-rs, Local AI on Android and More Linux Stuff

CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

IBM Backup Services Vulnerability Let Attackers Escalate Privileges

Microsoft will force updates for Teams clients released over 90 days ago

CVE-2025-6122 – Code-projects Restaurant Order System SQL Injection

CVE-2025-5028 – ESET Windows Installation File Privilege Escalation Vulnerability

CVE-2023-7303 – Q2Apro Q2Apro-On-Site-Notifications Cross Site Scripting Vulnerability

Ubuntu 25.10 Snapshot 2 is Now Available to Download

CVE-2025-6751 – Linksys E8450 HTTP POST Request Handler Buffer Overflow

Download & Install Apple Music in Windows 11

CVE-2025-49591 – CryptPad Two-Factor Authentication Path Parameter Bypass

Related Posts