Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-1325-1 drupal7 security update
Debian DSA Debian DSA DSA-4156-1 drupal7 security update
Github GHSA Github GHSA GHSA-7fh9-933g-885p Drupal Core Remote Code Execution Vulnerability
Ubuntu USN Ubuntu USN USN-4773-1 Drupal vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 22 Oct 2025 00:15:00 +0000


Tue, 21 Oct 2025 20:30:00 +0000


Tue, 21 Oct 2025 19:30:00 +0000


Fri, 07 Feb 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 27 Jan 2025 21:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_0

{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: drupal

Published:

Updated: 2025-10-21T23:45:52.444Z

Reserved: 2018-03-01T00:00:00.000Z

Link: CVE-2018-7600

cve-icon Vulnrichment

Updated: 2024-08-05T06:31:04.955Z

cve-icon NVD

Status : Modified

Published: 2018-03-29T07:29:00.260

Modified: 2025-10-22T00:16:26.117

Link: CVE-2018-7600

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.