Home

Description

Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0.

PUBLISHED Reserved 2025-04-09 | Published 2025-04-09 | Updated 2025-04-09 | Assigner drupal

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

0.0.0 (semver) before 4.9.0
affected

Credits

Manuel Adán (manuel.adan) finder

Jakob P (japerry) remediation developer

Manuel Adán (manuel.adan) remediation developer

Greg Knaddison (greggles) coordinator

Drew Webber (mcdruid) coordinator

References

www.drupal.org/sa-contrib-2025-033

cve.org (CVE-2025-3474)

nvd.nist.gov (CVE-2025-3474)

Download JSON