CVEFinder.io

CVE-2025-13082

πŸ”Ά medium
πŸ” Scan for this CVE
Summary

User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

CVSS Score
4.3
Medium
EPSS Score
0.1
Exploit Probability
Published Date
2025-11-18
First Seen: 2026-01-05
πŸ“Š Relative Risk Intelligence

This CVE is Lower Risk - more severe than 5.4% of all 326,604 vulnerabilities in our database.

#308,897
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Nov 18, 2025
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Partial
Limited system impact
πŸ† Discovered By
Kevin Quillen (kevinquillen) Benji Fisher (benjifisher) (remediation developer) Neil Drumm (drumm) (remediation developer) Greg Knaddison (greggles) (remediation developer) Lee Rowlands (larowlan) (remediation developer) Drew Webber (mcdruid) (remediation developer) Mingsong (mingsong) (remediation developer) Juraj Nemec (poker10) (remediation developer) Ra MÀnd (ram4nd) (remediation developer) Jess (xjm) (remediation developer) catch (catch) (coordinator) Lee Rowlands (larowlan) (coordinator) Dave Long (longwave) (coordinator) Juraj Nemec (poker10) (coordinator)
SSVC data provided by CISA
Last Modified 2025-11-24
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CWE IDs (Weakness Types)
CWE-451

πŸ“¦ Affected Products 4

Vendor Product Status Affected Versions
drupal drupal Affected
≥ 8.0.0 < 10.4.9
drupal drupal Affected
≥ 10.5.0 < 10.5.6
drupal drupal Affected
≥ 11.0.0 < 11.1.9
drupal drupal Affected
≥ 11.2.0 < 11.2.8

πŸ”— References 1

https://www.drupal.org/sa-core-2025-007
Vendor Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-9082 β›” critical 9.8 34.2 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core... 2026-05-20
CVE-2026-6365 πŸ”Ά medium 6.1 0.0 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core... 2026-05-19
CVE-2026-6366 πŸ”Ά medium 6.6 0.1 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow... 2026-05-19
CVE-2026-6367 πŸ”Ά medium 6.1 0.0 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core... 2026-05-19
CVE-2025-13080 πŸ”Ά medium 5.3 0.1 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This i... 2025-11-18
CVE-2025-13081 πŸ”Ά medium 5.9 0.2 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allow... 2025-11-18
These CVEs affect the same products