PT-2026-5207 · Drupal · Drupal Http Client Manager

Adriano Cori

Publicado

2025-12-17

Atualizado

2026-02-06

CVE-2025-14840

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Drupal HTTP Client Manager versions prior to 9.3.13 Drupal HTTP Client Manager versions 10.0.0 through 10.0.2 Drupal HTTP Client Manager versions 11.0.0 through 11.0.1

Description An improper check for unusual or exceptional conditions exists in the Drupal HTTP Client Manager, potentially allowing for forceful browsing. This issue relates to how the HTTP Client Manager handles certain conditions, which could be exploited.

Recommendations Update Drupal HTTP Client Manager to a version beyond 9.3.13. Update Drupal HTTP Client Manager to a version beyond 10.0.2. Update Drupal HTTP Client Manager to a version beyond 11.0.1.

Correção

Improper Check for Exceptional Conditions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-754

Identificadores relacionados

CVE-2025-14840

DRUPAL-CONTRIB-2025-126

Produtos afetados

Drupal Http Client Manager

PT-2026-5207 · Drupal · Drupal Http Client Manager

CVE-2025-14840

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7