High severity · OSV Advisory · Published Dec 10, 2025 · Updated Dec 10, 2025

Filament's multi-factor authentication (app) recovery codes can be used multiple times

CVE-2025-67507

Description

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.3.0 contain a flaw in the handling of recovery codes for app-based multi-factor authentication, allowing the same recovery code to be reused indefinitely. This issue does not affect email-based MFA. It also only applies when recovery codes are enabled. This issue is fixed in version 4.3.1.
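
The difference between a reusable and a single-use recovery code check, as an added illustration in plain PHP. This is not Filament's code or its patch: the class, the method names, the code format and the in-memory storage are all assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added illustration: hypothetical in-memory store, not Filament's classes or schema.
final class RecoveryCodeStore
{
    /** @var array<int, string[]> user id => password_hash() digests of unused codes */
    private array $hashes = [];

    /** Issue fresh codes: plaintext is returned once for display, only hashes are kept. */
    public function issue(int $userId, int $count = 8): array
    {
        // Constructed code format: 10 hex characters from a CSPRNG.
        $codes = array_map(static fn (int $_): string => bin2hex(random_bytes(5)), range(1, $count));
        $this->hashes[$userId] = array_map(
            static fn (string $c): string => password_hash($c, PASSWORD_DEFAULT),
            $codes
        );
        return $codes;
    }

    /** Reusable pattern: the code is checked but never removed from the store. */
    public function verifyWithoutConsuming(int $userId, string $code): bool
    {
        foreach ($this->hashes[$userId] ?? [] as $hash) {
            if (password_verify($code, $hash)) {
                return true;
            }
        }
        return false;
    }

    /** Single-use pattern: a matching code is deleted before success is reported. */
    public function verifyAndConsume(int $userId, string $code): bool
    {
        foreach ($this->hashes[$userId] ?? [] as $i => $hash) {
            if (password_verify($code, $hash)) {
                unset($this->hashes[$userId][$i]);
                return true;
            }
        }
        return false;
    }
}

// Submit the same code twice to each verifier and compare the second results.
$store = new RecoveryCodeStore();
[$code] = $store->issue(1);
var_dump($store->verifyWithoutConsuming(1, $code), $store->verifyWithoutConsuming(1, $code));
var_dump($store->verifyAndConsume(1, $code), $store->verifyAndConsume(1, $code));
```

The second call to `verifyAndConsume()` fails because the first call removed the stored hash, while `verifyWithoutConsuming()` keeps accepting the same code. With a database-backed store, the match and the delete need to happen in one transaction or atomic update so that two concurrent requests cannot both succeed with the same code.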

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: filament/filament (Packagist)
Affected versions: >= 4.0.0, < 4.3.1
Patched versions: 4.3.1
