CVE-2025-13982 | THREATINT

Description

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Login Time Restriction allows Cross Site Request Forgery.This issue affects Login Time Restriction: from 0.0.0 before 1.0.3.

PUBLISHED Reserved 2025-12-03 | Published 2026-01-28 | Updated 2026-01-29 | Assigner drupal

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status

unaffected

0.0.0 (semver) before 1.0.3

affected

Credits

Pierre Rudloff (prudloff) finder

Kunal Singh (kunal_singh) remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

Pierre Rudloff (prudloff) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2025-120

cve.org (CVE-2025-13982)

nvd.nist.gov (CVE-2025-13982)

Download JSON