216.73.216.86

CVE-2025-61482

· Published 27/10/2025 15:15 · Modified 27/10/2025 18:15

Labels: CVE-2025-61482 2025-10-27CVE-2025-61482CWE-200[email protected]

Essential information

Published
27/10/2025 15:15
Modified
27/10/2025 18:15
Author
Creator
CVSS
7.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

CVSS metrics

Description

Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets, enabling generation of valid one-time passwords, and bypassing authentication for enrolled accounts.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
netknights / privacyidea authenticator cpe:2.3:a:netknights:privacyidea_authenticator:4.3.0:*:*:*:*:*:*:*

References