CVE-2025-13082

Published Nov 18, 2025

Last updated 5 months ago

CVSS medium 4.3

Overview

Description: User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
Source: mlhess@drupal.org
NVD status: Analyzed
Products: drupal

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Severity: MEDIUM

Weaknesses

mlhess@drupal.org: CWE-451

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "187161BC-CF72-4A12-9DA7-637A024DD97A",
            "versionEndExcluding": "10.4.9",
            "versionStartIncluding": "8.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6637885B-CE3E-4FCE-9899-A21BA12F6C87",
            "versionEndExcluding": "10.5.6",
            "versionStartIncluding": "10.5.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A80C15FD-FB6B-4E22-B836-8A18842BEED0",
            "versionEndExcluding": "11.1.9",
            "versionStartIncluding": "11.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4D477FF8-4E52-43B9-8799-36DAEB8524E0",
            "versionEndExcluding": "11.2.8",
            "versionStartIncluding": "11.2.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References