CVE-2025-13083

EUVD-2025-198027
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
drupaldrupal
8.0.0 ≤
𝑥
< 10.4.9
drupaldrupal
10.5.0 ≤
𝑥
< 10.5.6
drupaldrupal
11.0.0 ≤
𝑥
< 11.1.9
drupaldrupal
11.2.0 ≤
𝑥
< 11.2.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.drupal.org/sa-core-2025-008