Vulnerability in Circl Vulnerability-lookup

CVE-2025-42615

In affected versions, vulnerability-lookup did not track or limit failed One-Time Password (OTP) attempts during Two-Factor Authentication (2FA) verification. An attacker who already knew or guessed a valid username and password could s…

EPSS: 0.003 (24.2th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References