VYPR
Low severity · NVD Advisory · Published Nov 18, 2025 · Updated Nov 18, 2025

Drupal core - Moderately critical - Defacement - SA-CORE-2025-007

CVE-2025-13082

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Drupal core does not sufficiently validate user input, which allows an attacker to craft a malicious URL that leads to temporary site defacement via content spoofing.

Root Cause

CVE-2025-13082 is a UI misrepresentation vulnerability in Drupal core that enables content spoofing. The flaw stems from insufficient input validation when processing certain URL parameters, allowing an attacker to inject arbitrary content into a page rendered by the Drupal application.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL and tricking a logged-in user (or any user with access to the affected page) into visiting it. No authentication is required to trigger the defacement, but victim interaction is necessary. The spoofed content is transient: it appears only when the specially crafted URL is used, and normal site content and branding are not manipulated.

Impact

A successful attack results in temporary defacement of the Drupal site. The attacker can present misleading or unauthorized content to the victim, potentially harming the site's reputation or misleading users. The defacement is not persistent and does not alter stored data or compromise administrative control.

Mitigation

The Drupal project has released security fixes. Affected users should update to Drupal 10.4.9, 10.5.6, 11.1.9, or 11.2.8 depending on their minor version. Older branches (Drupal 11.0.x, 10.3.x, and below) are end-of-life and no longer receive security updates [3].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                  Affected versions       Patched versions
drupal/core (Packagist)  >= 8.0.0, < 10.4.9      10.4.9
drupal/core (Packagist)  >= 10.5.0, < 10.5.6     10.5.6
drupal/core (Packagist)  >= 11.0.0, < 11.1.9     11.1.9
drupal/core (Packagist)  >= 11.2.0, < 11.2.8     11.2.8
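
The affected ranges listed above can be checked against a site's composer.lock. The following is an added example, not code from the advisory or from the Drupal project. The function names and the sample lock file are constructed for illustration, and it assumes drupal/core is installed through Composer.

```python
import json
import re

# Affected ranges from the advisory: (first affected, first patched release).
AFFECTED_RANGES = [
    ((8, 0, 0), (10, 4, 9)),
    ((10, 5, 0), (10, 5, 6)),
    ((11, 0, 0), (11, 1, 9)),
    ((11, 2, 0), (11, 2, 8)),
]
STABLE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def classify(version):
    """Return (status, fixed_release) for one drupal/core version string."""
    m = STABLE.fullmatch(version.strip())
    if not m:
        # Dev branches and pre-releases (e.g. 11.x-dev, 11.2.0-rc1) are not
        # covered by the listed ranges; report them for manual review.
        return ("unknown", None)
    v = tuple(int(part) for part in m.groups())
    for first_affected, fixed in AFFECTED_RANGES:
        if first_affected <= v < fixed:
            return ("affected", ".".join(str(part) for part in fixed))
    return ("not-affected", None)

def check_lock(lock_text):
    """Return (installed_version, status, fixed_release) from composer.lock text."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == "drupal/core":
            return (pkg["version"],) + classify(pkg["version"])
    return (None, "not-installed", None)

# Constructed sample: a trimmed composer.lock, not taken from a real site.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.5.3"},
        {"name": "symfony/http-foundation", "version": "v6.4.14"},
    ]
})

if __name__ == "__main__":
    version, status, fixed = check_lock(SAMPLE_LOCK)
    print(f"drupal/core {version}: {status}" + (f", update to {fixed}" if fixed else ""))
```

A site on an end-of-life branch inside a listed range (for example 10.3.x or 11.0.x) is reported as affected, with the first patched release of that range as the update target.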

Affected products

  • Range: >=8.0.0, <10.4.9 || >=10.5.0, <10.5.6 || >=11.0.0, <11.1.9 || >=11.2.0, <11.2.8
  • Drupal/Drupal core v5
    Range: 8.0.0
