CVE-2025-13083

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Drupal versions 8.0.0 through 10.4.9 Drupal versions 10.5.0 through 10.5.6 Drupal versions 11.0.0 through 11.1.9 Drupal versions 11.2.0 through 11.2.8

Description A flaw exists in Drupal core related to the use of a web browser cache that can contain sensitive information. This is due to incorrectly configured access control security levels.

Recommendations Update Drupal core to version 10.4.9 or later. Update Drupal core to version 10.5.6 or later. Update Drupal core to version 11.1.9 or later. Update Drupal core to version 11.2.8 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-525

Related Identifiers

BIT-DRUPAL-2025-13083

CVE-2025-13083

DRUPAL-CORE-2025-008

GHSA-MHPG-HPJ5-73R2

Affected Products

Drupal

CVE-2025-13083

Weakness Enumeration

Related Identifiers

Affected Products

References · 8