Home

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

PUBLISHED Reserved 2025-11-12 | Published 2025-11-18 | Updated 2025-11-18 | Assigner drupal

Problem types

CWE-754 Improper Check for Unusual or Exceptional Conditions

Product status

Default status
unaffected

8.0.0 (semver) before 10.4.9
affected

10.5.0 (semver) before 10.5.6
affected

11.0.0 (semver) before 11.1.9
affected

11.2.0 (semver) before 11.2.8
affected

Credits

Dragos Dumitrescu (dragos-dumi) finder

yasser ALLAM (inzo_) finder

Nils Destoop (nils.destoop) finder

Sven Decabooter (svendecabooter) finder

zhero finder

Alex Pott (alexpott) remediation developer

catch (catch) remediation developer

cilefen (cilefen) remediation developer

Jen Lampton (jenlampton) remediation developer

Lee Rowlands (larowlan) remediation developer

Dave Long (longwave) remediation developer

Drew Webber (mcdruid) remediation developer

Nils Destoop (nils.destoop) remediation developer

Juraj Nemec (poker10) remediation developer

Ra Mänd (ram4nd) remediation developer

Jess (xjm) remediation developer

catch (catch) coordinator

Greg Knaddison (greggles) coordinator

Lee Rowlands (larowlan) coordinator

Dave Long (longwave) coordinator

Drew Webber (mcdruid) coordinator

Juraj Nemec (poker10) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-core-2025-005

cve.org (CVE-2025-13080)

nvd.nist.gov (CVE-2025-13080)

Download JSON