CVE-2025-13083 - Vulnerability Details - OpenCVE

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.drupal.org/sa-core-2025-008

History

Tue, 18 Nov 2025 17:15:00 +0000

Type	Values Removed	Values Added
Description		Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
Title		Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
Weaknesses		CWE-525
References		https://www.drupal.org/sa-core-2025-008

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2025-11-18T16:55:37.269Z

Updated: 2025-11-18T16:55:37.269Z

Reserved: 2025-11-12T18:26:39.713Z

Link: CVE-2025-13083

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-11-18T17:15:59.313

Modified: 2025-11-18T17:15:59.313

Link: CVE-2025-13083

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13083", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2025-11-12T18:26:39.713Z", "datePublished": "2025-11-18T16:55:37.269Z", "dateUpdated": "2025-11-18T16:55:37.269Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.drupal.org/project/drupal", "defaultStatus": "unaffected", "product": "Drupal core", "repo": "https://git.drupalcode.org/project/drupal", "vendor": "Drupal", "versions": [{"lessThan": "10.4.9", "status": "affected", "version": "8.0.0", "versionType": "semver"}, {"lessThan": "10.5.6", "status": "affected", "version": "10.5.0", "versionType": "semver"}, {"lessThan": "11.1.9", "status": "affected", "version": "11.0.0", "versionType": "semver"}, {"lessThan": "11.2.8", "status": "affected", "version": "11.2.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Damien McKenna (damienmckenna)"}, {"lang": "en", "type": "finder", "value": "tame4tex"}, {"lang": "en", "type": "remediation developer", "value": "Benji Fisher (benjifisher)"}, {"lang": "en", "type": "remediation developer", "value": "catch (catch)"}, {"lang": "en", "type": "remediation developer", "value": "Neil Drumm (drumm)"}, {"lang": "en", "type": "remediation developer", "value": "Lee Rowlands (larowlan)"}, {"lang": "en", "type": "remediation developer", "value": "Mingsong (mingsong)"}, {"lang": "en", "type": "remediation developer", "value": "Mohit Aghera (mohit_aghera)"}, {"lang": "en", "type": "remediation developer", "value": "James Gilliland (neclimdul)"}, {"lang": "en", "type": "remediation developer", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "remediation developer", "value": "Jess (xjm)"}, {"lang": "en", "type": "coordinator", "value": "catch (catch)"}, {"lang": "en", "type": "coordinator", "value": "Lee Rowlands (larowlan)"}, {"lang": "en", "type": "coordinator", "value": "Dave Long (longwave)"}, {"lang": "en", "type": "coordinator", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}], "datePublic": "2025-11-12T20:16:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.</p>"}], "value": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-525", "description": "CWE-525 Use of Web Browser Cache Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2025-11-18T16:55:37.269Z"}, "references": [{"url": "https://www.drupal.org/sa-core-2025-008"}], "source": {"discovery": "UNKNOWN"}, "title": "Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}