How severe is CVE-2025-66489?

The severity of CVE-2025-66489 has not been assessed with CVSS v3.

CVE-2025-66489

NONE

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gainin

Veröffentlicht: 12/3/2025Aktualisiert: 12/4/2025

Beschreibung

Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

KI-AnalyseKI-gestützt

Referenzen

https://github.com/calcom/cal.com/security/advisories/GHSA-9r3w-4j8q-pw98