High severityNVD Advisory· Published Dec 4, 2025· Updated Apr 15, 2026

CVE-2025-27935

Description

The OTP Integration Kit for PingFederate fails to enforce HTTP method validation and state validation properly. The server advances the authentication state without verifying the OTP, thereby bypassing multi-factor authentication.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.pingidentity.com/s/article/SECADV051-PingFederate-OTP-Integration-Kit-authentication-bypassnvd
www.pingidentity.com/en/resources/downloads/pingfederate.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000