CVE-2025-13080

CWE-7546 documents5 sources
Severity
5.3MEDIUM
EPSS
0.1%
top 76.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Drupal Drupal CoreDrupal DrupalDrupal Core
Timeline
PublishedNov 18

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

Packagistdrupal/core8.0.010.4.9+3
CVEListV5drupal/drupal_core8.0.010.4.9+3
NVDdrupal/drupal8.0.010.4.9+3

🔴Vulnerability Details

4
CVEList
Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-0052025-11-18
GHSA
Drupal core allows Forceful Browsing2025-11-18
OSV
Drupal core allows Forceful Browsing2025-11-18
OSV
CVE-2025-13080: Drupal Core has a rarely used feature, provided by an underlying library, which allows certain attributes of incoming HTTP requests to be overridden2025-11-12

📋Vendor Advisories

1
Drupal
Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-0052025-11-12
CVE-2025-13080 (MEDIUM CVSS 5.3) | Improper Check for Unusual or Excep | cvebase.io