PT-2025-41617 · Drupal · Drupal Facets
Benji Fisher
+7
·
Published
2025-10-10
·
Updated
2026-01-05
·
CVE-2025-9549
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal Facets versions 0.0.0 through 2.0.9
Drupal Facets versions 3.0.0 through 3.0.0
Description
A missing authorization issue exists in Drupal Facets, potentially allowing forceful browsing. The issue relates to insufficient access controls.
Recommendations
Update Drupal Facets to version 2.0.10 or later.
Update Drupal Facets to version 3.0.1 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Facets