CVEFinder.io

CVE-2025-13081

πŸ”Ά medium
πŸ” Scan for this CVE
Summary

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

CVSS Score
5.9
Medium
EPSS Score
0.2
Exploit Probability
Published Date
2025-11-18
First Seen: 2026-01-05
πŸ“Š Relative Risk Intelligence

This CVE is Lower Risk - more severe than 33.4% of all 326,604 vulnerabilities in our database.

#217,570
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Nov 18, 2025
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Total
Complete system compromise possible
πŸ† Discovered By
anzuukino Anna Kalata (akalata) (remediation developer) catch (catch) (remediation developer) Neil Drumm (drumm) (remediation developer) Greg Knaddison (greggles) (remediation developer) Lee Rowlands (larowlan) (remediation developer) Dave Long (longwave) (remediation developer) Drew Webber (mcdruid) (remediation developer) Juraj Nemec (poker10) (remediation developer) Ra MÀnd (ram4nd) (remediation developer) Jess (xjm) (remediation developer) catch (catch) (coordinator) Lee Rowlands (larowlan) (coordinator) Dave Long (longwave) (coordinator) Drew Webber (mcdruid) (coordinator) Juraj Nemec (poker10) (coordinator)
SSVC data provided by CISA
Last Modified 2025-11-24
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CWE IDs (Weakness Types)
CWE-915 CWE-502

πŸ“¦ Affected Products 4

Vendor Product Status Affected Versions
drupal drupal Affected
≥ 8.0.0 < 10.4.9
drupal drupal Affected
≥ 10.5.0 < 10.5.6
drupal drupal Affected
≥ 11.0.0 < 11.1.9
drupal drupal Affected
≥ 11.2.0 < 11.2.8

πŸ”— References 1

https://www.drupal.org/sa-core-2025-006
Vendor Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-9082 β›” critical 9.8 34.2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core... 2026-05-20
CVE-2026-6365 πŸ”Ά medium 6.1 0.0 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core... 2026-05-19
CVE-2026-6366 πŸ”Ά medium 6.6 0.1 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow... 2026-05-19
CVE-2026-6367 πŸ”Ά medium 6.1 0.0 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core... 2026-05-19
CVE-2025-13080 πŸ”Ά medium 5.3 0.1 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This i... 2025-11-18
CVE-2025-13082 πŸ”Ά medium 4.3 0.1 User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofin... 2025-11-18
These CVEs affect the same products