Security Advisory

CVE-2025-66489

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-03 19:44:35

Last updated 2025-12-03 21:48:27

Assigner GitHub_M

State PUBLISHED

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

← Browse all CVEs View on cve.org ↗