PT-2026-5199 · Drupal · Drupal Ckeditor 5 Premium Features
Greg Knaddison
+3
·
Published
2026-01-28
·
Updated
2026-02-12
·
CVE-2025-13980
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Drupal CKEditor 5 Premium Features versions 0.0.0 through 1.2.9
Drupal CKEditor 5 Premium Features versions 1.3.0 through 1.3.5
Drupal CKEditor 5 Premium Features versions 1.4.0 through 1.4.2
Drupal CKEditor 5 Premium Features versions 1.5.0 through 1.5.0
Drupal CKEditor 5 Premium Features versions 1.6.0 through 1.6.3
Description
An issue exists in Drupal CKEditor 5 Premium Features that allows for functionality bypass through authentication bypass using an alternate path or channel.
Recommendations
Update Drupal CKEditor 5 Premium Features to version 1.2.10 or later.
Update Drupal CKEditor 5 Premium Features to version 1.3.6 or later.
Update Drupal CKEditor 5 Premium Features to version 1.4.3 or later.
Update Drupal CKEditor 5 Premium Features to version 1.5.1 or later.
Update Drupal CKEditor 5 Premium Features to version 1.6.4 or later.
Fix
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Ckeditor 5 Premium Features