PT-2026-5199 · Drupal · Drupal Ckeditor 5 Premium Features

Greg Knaddison

Publicado

2026-01-28

Atualizado

2026-02-12

CVE-2025-13980

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Drupal CKEditor 5 Premium Features versions 0.0.0 through 1.2.9 Drupal CKEditor 5 Premium Features versions 1.3.0 through 1.3.5 Drupal CKEditor 5 Premium Features versions 1.4.0 through 1.4.2 Drupal CKEditor 5 Premium Features versions 1.5.0 through 1.5.0 Drupal CKEditor 5 Premium Features versions 1.6.0 through 1.6.3

Description An issue exists in Drupal CKEditor 5 Premium Features that allows for functionality bypass through authentication bypass using an alternate path or channel.

Recommendations Update Drupal CKEditor 5 Premium Features to version 1.2.10 or later. Update Drupal CKEditor 5 Premium Features to version 1.3.6 or later. Update Drupal CKEditor 5 Premium Features to version 1.4.3 or later. Update Drupal CKEditor 5 Premium Features to version 1.5.1 or later. Update Drupal CKEditor 5 Premium Features to version 1.6.4 or later.

Correção

Authentication Bypass Using an Alternate Path or Channel

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-288

Identificadores relacionados

CVE-2025-13980

DRUPAL-CONTRIB-2025-118

Produtos afetados

Drupal Ckeditor 5 Premium Features

PT-2026-5199 · Drupal · Drupal Ckeditor 5 Premium Features

CVE-2025-13980

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6