Mail Login - Critical - Access bypass - SA-CONTRIB-2025-088

Project: Mail LoginDate: 2025-July-09Security risk: Critical 15 ∕ 25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:AllVulnerability: Access bypassAffected versions: >3.0.0 <3.2.0 || >=4.0.0 <4.2.0CVE IDs: CVE-2025-7393Description: This module enables users to login by email address with the minimal configurations.
The module included some protection against brute force attacks on the login form, however they were incomplete. An attacker could bypass the brute force protection allowing them to potentially gain access to an account.Solution: Install the latest version:

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2025-088