CVE-2025-14472 | THREATINT

Description

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

PUBLISHED Reserved 2025-12-10 | Published 2026-01-28 | Updated 2026-01-28 | Assigner drupal

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status

unaffected

0.0.0 (semver) before 3.6.4

affected

3.7.0 (semver) before 3.7.3

affected

Credits

Lee Rowlands (larowlan) finder

Kirti Garg (kirti_garg) remediation developer

Narendra Shenvi Desai (n4r3n) remediation developer

Peter Pajor (pajor) remediation developer

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2025-125

cve.org (CVE-2025-14472)

nvd.nist.gov (CVE-2025-14472)

Download JSON