CVE-2025-12082

Description

Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

PUBLISHED Reserved 2025-10-22 | Published 2025-10-29 | Updated 2025-10-30 | Assigner drupal

Problem types

CWE-863 Incorrect Authorization

Product status

Credits

Lee Rowlands (larowlan) finder

Alan Cole (alan.cole) remediation developer

Daniel (danielgry) remediation developer

Fiona Morrison (fionamorrison23) remediation developer

Suchi Garg (gargsuchi) remediation developer

Joshua Fernandes (joshua1234511) remediation developer

Lee Rowlands (larowlan) remediation developer

Richard Gaunt (richardgaunt) remediation developer

Greg Knaddison (greggles) coordinator

Lee Rowlands (larowlan) coordinator

Drew Webber (mcdruid) coordinator

References

www.drupal.org/sa-contrib-2025-112

cve.org (CVE-2025-12082)

nvd.nist.gov (CVE-2025-12082)

Download JSON