CVE-2025-27935

Vulnerability Description

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.

Related Weaknesses (CWE)

CWE-306

References

https://support.pingidentity.com/s/article/SECADV051-PingFederate-OTP-Integratio
https://www.pingidentity.com/en/resources/downloads/pingfederate.html

FAQ

What is CVE-2025-27935?

CVE-2025-27935 is a documented vulnerability. The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassin...

How severe is CVE-2025-27935?

CVSS scoring is not yet available for CVE-2025-27935. Check NVD for updates.

Is there a patch for CVE-2025-27935?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.