CVE-2025-13080 - Vulnerability Details - OpenCVE

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.drupal.org/sa-core-2025-005

History

Tue, 18 Nov 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description		Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
Title		Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005
Weaknesses		CWE-754
References		https://www.drupal.org/sa-core-2025-005

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2025-11-18T16:54:32.042Z

Updated: 2025-11-18T16:54:32.042Z

Reserved: 2025-11-12T18:26:35.916Z

Link: CVE-2025-13080

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-11-18T17:15:58.813

Modified: 2025-11-18T17:15:58.813

Link: CVE-2025-13080

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13080", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2025-11-12T18:26:35.916Z", "datePublished": "2025-11-18T16:54:32.042Z", "dateUpdated": "2025-11-18T16:54:32.042Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.drupal.org/project/drupal", "defaultStatus": "unaffected", "product": "Drupal core", "repo": "https://git.drupalcode.org/project/drupal", "vendor": "Drupal", "versions": [{"lessThan": "10.4.9", "status": "affected", "version": "8.0.0", "versionType": "semver"}, {"lessThan": "10.5.6", "status": "affected", "version": "10.5.0", "versionType": "semver"}, {"lessThan": "11.1.9", "status": "affected", "version": "11.0.0", "versionType": "semver"}, {"lessThan": "11.2.8", "status": "affected", "version": "11.2.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Dragos Dumitrescu (dragos-dumi)"}, {"lang": "en", "type": "finder", "value": "yasser ALLAM (inzo_)"}, {"lang": "en", "type": "finder", "value": "Nils Destoop (nils.destoop)"}, {"lang": "en", "type": "finder", "value": "Sven Decabooter (svendecabooter)"}, {"lang": "en", "type": "finder", "value": "zhero"}, {"lang": "en", "type": "remediation developer", "value": "Alex Pott (alexpott)"}, {"lang": "en", "type": "remediation developer", "value": "catch (catch)"}, {"lang": "en", "type": "remediation developer", "value": "cilefen (cilefen)"}, {"lang": "en", "type": "remediation developer", "value": "Jen Lampton (jenlampton)"}, {"lang": "en", "type": "remediation developer", "value": "Lee Rowlands (larowlan)"}, {"lang": "en", "type": "remediation developer", "value": "Dave Long (longwave)"}, {"lang": "en", "type": "remediation developer", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "remediation developer", "value": "Nils Destoop (nils.destoop)"}, {"lang": "en", "type": "remediation developer", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "remediation developer", "value": "Ra M\u00c3\u00a4nd (ram4nd)"}, {"lang": "en", "type": "remediation developer", "value": "Jess (xjm)"}, {"lang": "en", "type": "coordinator", "value": "catch (catch)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Lee Rowlands (larowlan)"}, {"lang": "en", "type": "coordinator", "value": "Dave Long (longwave)"}, {"lang": "en", "type": "coordinator", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "datePublic": "2025-11-12T18:33:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.<p>This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.</p>"}], "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8."}], "impacts": [{"capecId": "CAPEC-87", "descriptions": [{"lang": "en", "value": "CAPEC-87 Forceful Browsing"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2025-11-18T16:54:32.042Z"}, "references": [{"url": "https://www.drupal.org/sa-core-2025-005"}], "source": {"discovery": "UNKNOWN"}, "title": "Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}