CVE-2025-13083

Low CVSS: 3.7

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.

Vendor

Drupal

Product

Drupal

CWE

CWE-525

Yayın Tarihi

2025-11-18 17:15:59

Güncelleme

2026-01-08 16:15:44

Source Identifier

mlhess@drupal.org

KEV Date Added

Kategoriler

CWE-525 Drupal LOW Drupal 2025

Referanslar

https://www.drupal.org/sa-core-2025-008

Benzer Kayıtlar

Medium

CVE-2025-13082

User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofin…

Medium

CVE-2025-13080

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This i…

Medium

CVE-2025-13081

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow…

High

CVE-2025-48914

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Con…

High

CVE-2025-48915

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Con…

Medium

CVE-2025-3474

Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Acc…