PT-2023-12781 · Drupal · Drupal

Dezső Biczó · Published 2023-04-26 · Updated 2025-02-03 · CVE-2022-25273

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Drupal core versions prior to the fixed version

Description: The form API in Drupal core has a vulnerability that leaves the forms of certain contributed or custom modules susceptible to improper input validation. In certain uncommon cases, this could allow an attacker to inject disallowed values or overwrite data, potentially altering critical or sensitive data.

Recommendations: For versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to affected forms until a patch is available. Avoid using contributed or custom modules that may be vulnerable to improper input validation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BIT-DRUPAL-2022-25273
CVE-2022-25273
DRUPAL-CORE-2022-008
GHSA-G36H-4JR6-QMM9

Affected Products

Drupal