CVE-2025-71279
CRITICAL
WAF: Low
CVSS 9.8
Published: 2026-04-01
CWE-287
XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may be able to compromise the security of Passkey-based authentication.
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| xenforo | xenforo | before 2.3.7 |
References
- www.vulncheck.com (Third Party Advisory)
- xenforo.com (Release Notes)