CVE-2025-56689

Severity: MEDIUM | CVSS 4.6/10 | EPSS 1.27%

CVE-2025-56689 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying the same response. EPSS estimates a 1.27% chance of exploitation in the next 30 days.

Description

One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying the same response. NOTE: this is disputed by the Supplier because, by design, the product successfully authenticates a client that possesses a cookie whose validity time interval includes the current time, and thus authentication after any type of "interception" is not a violation of the security model. (The cookie has the HttpOnly attribute.)

Metrics

CVSS 3.1
4.6/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

EPSS Probability
1.27%

66.1st percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor    Product        Versions
Quest     One Identity   7.5.1.20903

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2025-56689?
One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying the same response. NOTE: this is disputed by the Supplier because, by design, the product successfully authenticates a client that possesses a cookie whose validity time interval includes the current time, and thus authentication after any type of "interception" is not a violation of the security model. (The cookie has the HttpOnly attribute.)
How severe is CVE-2025-56689?
CVE-2025-56689 has a CVSS score of 4.6/10 (MEDIUM severity). The EPSS model estimates a 1.27% probability of exploitation in the next 30 days.
How do I fix CVE-2025-56689?
Check the vendor references and advisories for patched versions and mitigation guidance.

Source: NVD / NIST