Low severityNVD Advisory· Published Nov 18, 2025· Updated Nov 18, 2025
Drupal core - Moderately critical - Defacement - SA-CORE-2025-007
CVE-2025-13082
Description
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 8.0.0, < 10.4.9 | 10.4.9 |
drupal/corePackagist | >= 10.5.0, < 10.5.6 | 10.5.6 |
drupal/corePackagist | >= 11.0.0, < 11.1.9 | 11.1.9 |
drupal/corePackagist | >= 11.2.0, < 11.2.8 | 11.2.8 |
Affected products
3- osv-coords2 versions
>= 8.0.0, < 10.4.9+ 1 more
- (no CPE)range: >= 8.0.0, < 10.4.9
- (no CPE)range: >= 8.0.0, < 10.4.9
- Range: 8.0.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-h89p-5896-f4q8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-13082ghsaADVISORY
- www.drupal.org/sa-core-2025-007ghsaWEB
News mentions
1- Drupal core - Moderately critical - Defacement - SA-CORE-2025-007Drupal Security Advisories · Nov 12, 2025