CNNVD-202512-2021 Information
CNNVD ID
CNNVD-202512-2021
Related CVE
- CNNVD Published: 2025-12-10
Description (Chinese)
Filament是Filament开源的一个用于加速 Laravel 开发的全栈组件的集合。 Filament 4.0.0版本至4.3.0版本存在安全漏洞,该漏洞源于处理基于应用的多因素身份验证恢复代码时存在缺陷,可能导致恢复代码被无限期重复使用。
Description (English)
Filament is a collection of all-canton components to accelerate the development of Laravel. There is a security loophole in versions 4.0.0 to 4.3.0 of Filament, which stems from deficiencies in the handling of multi-factor authentication recovery codes based on applications, which may lead to their indefinite reuse.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Filament
Published
2025-12-10
Last Modified
2026-02-24
References
https://github.com/filamentphp/filament/commit/87ff60ad9b6e16d4e14ee36a220b8917dd7b0815 https://github.com/filamentphp/filament/security/advisories/GHSA-pvcv-q3q7-266g https://access.redhat.com/security/cve/cve-2025-67507
Patch
https://github.com/filamentphp/filament/releases
Share on: