Yubico Issues Security Advisory As 2FA Bypass Vulnerability Confirmed

Yubico issued a security advisory, YSA-2025-01, confirming a vulnerability in the pam-u2f software package that can enable authentication bypass on Linux and macOS systems. The vulnerability, CVE-2025-23013, classified as high-severity, allows attackers to bypass 2FA in certain configurations, potentially leading to local privilege escalation. Yubico recommends upgrading to the latest version of pam-u2f to mitigate the risk.