CVE-2025-13083 | THREATINT

Description

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

PUBLISHED Reserved 2025-11-12 | Published 2025-11-18 | Updated 2025-11-18 | Assigner drupal

Problem types

CWE-525 Use of Web Browser Cache Containing Sensitive Information

Product status

Default status

unaffected

8.0.0 (semver) before 10.4.9

affected

10.5.0 (semver) before 10.5.6

affected

11.0.0 (semver) before 11.1.9

affected

11.2.0 (semver) before 11.2.8

affected

Credits

Damien McKenna (damienmckenna) finder

tame4tex finder

Benji Fisher (benjifisher) remediation developer

catch (catch) remediation developer

Neil Drumm (drumm) remediation developer

Lee Rowlands (larowlan) remediation developer

Mingsong (mingsong) remediation developer

Mohit Aghera (mohit_aghera) remediation developer

James Gilliland (neclimdul) remediation developer

Juraj Nemec (poker10) remediation developer

Jess (xjm) remediation developer

catch (catch) coordinator

Lee Rowlands (larowlan) coordinator

Dave Long (longwave) coordinator

Drew Webber (mcdruid) coordinator

Juraj Nemec (poker10) coordinator

References

www.drupal.org/sa-core-2025-008

cve.org (CVE-2025-13083)

nvd.nist.gov (CVE-2025-13083)

Download JSON