Home

Description

Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0.

PUBLISHED Reserved 2025-08-13 | Published 2025-08-15 | Updated 2025-08-15 | Assigner drupal

Problem types

CWE-862 Missing Authorization

Product status

Default status
unaffected

0.0.0 before 2.2.0
affected

Credits

Eelke Blok (eelkeblok) finder

Michael Whittaker (mrwhittaker) finder

Eelke Blok (eelkeblok) remediation developer

Sorin Dediu (sdstyles) remediation developer

Sean Blommaert (seanb) remediation developer

Anna Kalata (akalata) coordinator

Damien McKenna (damienmckenna) coordinator

Greg Knaddison (greggles) coordinator

Juraj Nemec (poker10) coordinator

Cathy Theys (yesct) coordinator

References

www.drupal.org/sa-contrib-2025-097

cve.org (CVE-2025-8996)

nvd.nist.gov (CVE-2025-8996)

Download JSON