Cal.com Security Update Advisory (CVE-2025-66489)

Dec 11 2025

Overview

We have released a security update to address a vulnerability in Cal.com. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-66489

Cal.com Version: 5.9.7 and earlier

Resolved Vulnerabilities

Authentication bypass vulnerability due to incorrect TOTP and password validation in Cal.com (CVE-2025-66489)

Vulnerability Patches

Vulnerability Patches have been made available with the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-66489

Cal.com Version: 5.9.8

References

[1] Authentication Bypass via bad TOTP + password checks
https://github.com/calcom/cal.com/security/advisories/GHSA-9r3w-4j8q-pw98

Cal.com Security Update Advisory (CVE-2025-66489)

Apache Security Update Advisory (CVE-2025-59789)

Array Networks Product Security Update Advisory (CVE-2025-66644)

Tags:

Apache Security Update Advisory (CVE-2025-59789)

Array Networks Product Security Update Advisory (CVE-2025-66644)