AI description
CVE-2025-71279 describes an improper authentication vulnerability (CWE-287) found in XenForo versions prior to 2.3.7. This security flaw specifically impacts Passkeys that have been added to user accounts. Exploitation of this vulnerability involves an authentication bypass, allowing an attacker to compromise the security of Passkey-based authentication. The attack can be launched remotely and does not require user interaction or elevated privileges. Successful exploitation could result in unauthorized access to user accounts, potentially affecting the confidentiality, integrity, and availability of the affected systems. A patch is available, and users are advised to upgrade to XenForo version 2.3.7 or later.
- Description
- XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication.
- Source
- disclosure@vulncheck.com
- NVD status
- Analyzed
- Products
- xenforo
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-287
- Hype score
- Not currently trending
🚨 CVE-2025-71279: XenForo <2.3.7 has a critical vulnerability in passkeys. CVSS 9.8. Attackers can compromise authentication without credentials.
@galdinociber
1 Apr 2026
CVE-2025-71279 XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey… https://t.co/ndixjUutdh
@CVEnew
1 Apr 2026
⚡ New CVE Alert: CVE-2025-71279 📊 Severity: 9.8 🚨 Risk Level: Critical 🧩 Affects: Multiple / Unspecified Products Reference: https://t.co/owgLP2WPyd #CVE-2025-71279 #CVE #Critical #CyberSecurity #InfoSec https://t.co/cdO2EzKRMh
@CVEarity
1 Apr 2026
XenForo Passkey Flaw CVE-2025-71279 Enables Critical Security Bypass https://t.co/OdGJsDnQPB #cybersecuritynews #XenForo
@cybrsecpath
1 Apr 2026
🔴 CVE-2025-71279 - Critical XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication. https://t.co/pDJtRZDRR8 https://t.co/MOO5GNEw57
@TheHackerWire
1 Apr 2026
[CVE-2025-71279: CRITICAL] XenForo <2.3.7 has a security flaw impacting Passkeys in user accounts, compromising authentication security. Keep systems updated for cyber security. #cve, CVE-2025-71279, #cybersecurity https://t.co/OnDyFv8Z9y
@CveFindCom
1 Apr 2026
🚨 CVE-2025-71279: XenForo Passkey Security Bypass ... Passkey bypass with zero auth requirements and 9.3 CVSS means XenForo forums are wide open—patch immediately before att... https://t.co/TxMQtaIJpj #netsec #vulnerability #CVE #sysadmin #zeroday
@0dayPublishing
1 Apr 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xenforo:xenforo:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "5ADDC458-D5EB-4B70-9EE7-93C78E81EDBD",
            "versionEndExcluding": "2.3.7",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]