PT-2026-5207 · Drupal · Drupal Http Client Manager
Adriano Cori +2 · Published 2025-12-17 · Updated 2026-02-06
CVE-2025-14840
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Drupal HTTP Client Manager versions prior to 9.3.13
Drupal HTTP Client Manager versions 10.0.0 through 10.0.2
Drupal HTTP Client Manager versions 11.0.0 through 11.0.1
Description
Drupal HTTP Client Manager contains an improper check for unusual or exceptional conditions, potentially allowing forceful browsing. The issue relates to how the HTTP Client Manager handles certain conditions, which could be exploited.
Recommendations
Update Drupal HTTP Client Manager to a version beyond 9.3.13.
Update Drupal HTTP Client Manager to a version beyond 10.0.2.
Update Drupal HTTP Client Manager to a version beyond 11.0.1.
Fix
Improper Check for Exceptional Conditions
Weakness Enumeration
Related Identifiers
Affected Products
Drupal Http Client Manager