Home

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

PUBLISHED Reserved 2025-11-12 | Published 2025-11-18 | Updated 2025-11-18 | Assigner drupal

Problem types

CWE-451 User Interface (UI) Misrepresentation of Critical Information

Product status

Default status
unaffected

8.0.0 (semver) before 10.4.9
affected

10.5.0 (semver) before 10.5.6
affected

11.0.0 (semver) before 11.1.9
affected

11.2.0 (semver) before 11.2.8
affected

Credits

Kevin Quillen (kevinquillen) finder

Benji Fisher (benjifisher) remediation developer

Neil Drumm (drumm) remediation developer

Greg Knaddison (greggles) remediation developer

Lee Rowlands (larowlan) remediation developer

Drew Webber (mcdruid) remediation developer

Mingsong (mingsong) remediation developer

Juraj Nemec (poker10) remediation developer

Ra Mänd (ram4nd) remediation developer

Jess (xjm) remediation developer

catch (catch) coordinator

Lee Rowlands (larowlan) coordinator

Dave Long (longwave) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-core-2025-007

cve.org (CVE-2025-13082)

nvd.nist.gov (CVE-2025-13082)

Download JSON