Low severityNVD Advisory· Published Nov 18, 2025· Updated Nov 18, 2025
Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005
CVE-2025-13080
Description
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 8.0.0, < 10.4.9 | 10.4.9 |
drupal/corePackagist | >= 10.5.0, < 10.5.6 | 10.5.6 |
drupal/corePackagist | >= 11.0.0, < 11.1.9 | 11.1.9 |
drupal/corePackagist | >= 11.2.0, < 11.2.8 | 11.2.8 |
Affected products
3- osv-coords2 versions
>= 8.0.0, < 10.4.9+ 1 more
- (no CPE)range: >= 8.0.0, < 10.4.9
- (no CPE)range: >= 8.0.0, < 10.4.9
- Range: 8.0.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-83v7-c2cf-p9c2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-13080ghsaADVISORY
- www.drupal.org/sa-core-2025-005ghsaWEB
News mentions
1- Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005Drupal Security Advisories · Nov 12, 2025