VYPR
Low severityNVD Advisory· Published Nov 18, 2025· Updated Jan 16, 2026

Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008

CVE-2025-13083

Description

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
drupal/corePackagist
>= 8.0.0, < 10.4.910.4.9
drupal/corePackagist
>= 10.5.0, < 10.5.610.5.6
drupal/corePackagist
>= 11.0.0, < 11.1.911.1.9
drupal/corePackagist
>= 11.2.0, < 11.2.811.2.8
drupal/corePackagist
>= 7.0, < 7.1037.103

Affected products

3

Patches

Vulnerability mechanics

References

3

News mentions

1