CVE-2025-13082

CWE-4515 documents4 sources
Severity
4.3MEDIUM
No vector
EPSS
0.0%
top 88.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Drupal Drupal CoreDrupal Core
Timeline
PublishedNov 18

Description

Drupal core - Moderately critical - Defacement - SA-CORE-2025-007 User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

Affected Packages2 packages

Packagistdrupal/core8.0.010.4.9+3
CVEListV5drupal/drupal_core8.0.010.4.9+3

🔴Vulnerability Details

4
OSV
Drupal core allows Content Spoofing2025-11-18
CVEList
Drupal core - Moderately critical - Defacement - SA-CORE-2025-0072025-11-18
GHSA
Drupal core allows Content Spoofing2025-11-18
OSV
CVE-2025-13082: By generating and tricking a user into visiting a malicious URL, an attacker can perform site defacement2025-11-12

📋Vendor Advisories

1
Drupal
Drupal core - Moderately critical - Defacement - SA-CORE-2025-0072025-11-12
CVE-2025-13082 (MEDIUM CVSS 4.3) | Drupal core - Moderately critical - | cvebase.io