CVE-2025-66489

CRITICAL LAB

Cal.com < 5.9.8 - Authentication Bypass via TOTP Code

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-66489. PoCs published by exploitintel.

AI-analyzed exploit summary: The repository contains functional Python PoC scripts demonstrating an authentication bypass vulnerability in Cal.com via TOTP code injection. The exploit leverages a logic flaw in the NextAuth credentials provider to skip password verification entirely.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. The issue stems from problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Exploits (1)

GitHub · Working PoC · 1 star
by exploitintel · Python PoC
https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-66489


Classification
Working PoC 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Cal.com < 5.9.8
No auth needed
Prerequisites: valid email address of a target account
devstral-2 · analyzed Mar 02, 2026

References (1)

Core References (1)
Third Party Advisory, Exploit (x_refsource_confirm)
https://github.com/calcom/cal.com/security/advisories/GHSA-9r3w-4j8q-pw98

Related Analysis

Scores

CVSS v3 9.8
EPSS 0.0079
EPSS Percentile 51.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Lab Environment

Vulnerable image: docker pull ghcr.io/exploitintel/cve-2025-66489-vulnerable:latest

Details

CWE
CWE-303
Status published
Products (1)
cal/cal.com < 5.9.8
Published Dec 03, 2025
Tracked Since Feb 18, 2026