Platform: drupal
Component: drupal
Fixed in: 10.4.9, 10.5.6, 11.1.9, 11.2.8
CVE-2025-13082 describes a User Interface (UI) Misrepresentation of Critical Information vulnerability affecting Drupal Core. This flaw allows for content spoofing, potentially misleading users. This issue affects Drupal Core versions from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, and from 11.2.0 before 11.2.8. The vulnerability is fixed in Drupal versions 10.4.9, 10.5.6, 11.1.9, and 11.2.8.
CVE-2025-13082 in Drupal core is a User Interface (UI) Misrepresentation of Critical Information vulnerability that leads to content spoofing. It allows an attacker to manipulate the UI to display inaccurate or misleading information to users. Essentially, a malicious actor could trick users into believing they are viewing legitimate content when, in reality, it is fabricated. The impact is significant, particularly for websites where user trust in presented information is paramount, such as news sites, e-commerce platforms, or government portals. Content manipulation can lead to loss of trust, fraud, or the dissemination of harmful information.
Exploitation of this vulnerability requires an attacker to have the ability to interact with the Drupal UI, typically involving user access with sufficient permissions to create or modify content. The attacker may leverage misconfigurations or a lack of data validation to inject malicious content that appears legitimate. The impact of exploitation can vary depending on the website’s configuration and the attacker’s user permissions. In some cases, the attacker could even compromise the entire website’s integrity.
Exploit status
EPSS: 0.07% (22nd percentile)
The primary mitigation for CVE-2025-13082 is to update Drupal to the latest available version: 10.4.9, 10.5.6, 11.1.9, or 11.2.8, depending on your current version. Drupal has released these updates to address the vulnerability. Beyond the update, review and strengthen your website's security policies, including user input validation and implementing additional security measures to protect against content manipulation attacks. Regularly monitoring server logs for suspicious activity is also recommended. The update should be performed as soon as possible to minimize the risk of exploitation.
Update Drupal core to the latest available version. Specifically, update to version 10.4.9, 10.5.6, 11.1.9, or 11.2.8, or a later version, as appropriate for your Drupal branch. This will fix the content spoofing vulnerability.
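The following is an added example, not part of the original advisory or of Drupal's own tooling: a Python check that classifies the `drupal/core` version pinned in a Composer lock file against the affected ranges listed above and names the fix release for that branch. It assumes a Composer-managed site whose lock file lists `drupal/core` under `packages` or `packages-dev`; the sample lock content is constructed.

```python
import json
import re

# Affected ranges from the advisory: (first affected, first fixed release).
AFFECTED = [
    ((8, 0, 0), (10, 4, 9)),
    ((10, 5, 0), (10, 5, 6)),
    ((11, 0, 0), (11, 1, 9)),
    ((11, 2, 0), (11, 2, 8)),
]

def status(version_text):
    """Classify one drupal/core version string against the advisory ranges."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?", version_text.strip())
    if m is None or m[4] is not None:
        # Dev branches ("10.4.x-dev") and pre-releases ("11.2.0-rc1") are not
        # covered by the advisory's stable-release ranges: review them by hand.
        return "unknown"
    triple = (int(m[1]), int(m[2]), int(m[3]))
    for first_affected, first_fixed in AFFECTED:
        if first_affected <= triple < first_fixed:
            return "affected, fixed in " + ".".join(map(str, first_fixed))
    return "not affected"

def check_lock(lock_text):
    """Return the status of drupal/core in a composer.lock, or None if absent."""
    lock = json.loads(lock_text)
    entries = lock.get("packages", []) + lock.get("packages-dev", [])
    for package in entries:
        if package.get("name") == "drupal/core":
            return status(package.get("version", ""))
    return None

# Constructed sample lock content (not taken from a real site).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/console", "version": "v6.4.1"},
        {"name": "drupal/core", "version": "10.5.3"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print("drupal/core:", check_lock(SAMPLE_LOCK))
```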
It's a technique where an attacker creates fake content that resembles a website's legitimate content, deceiving users into believing it's authentic.
If you are using a version of Drupal prior to the fixed release for its branch (10.4.9, 10.5.6, 11.1.9, or 11.2.8), your site is vulnerable.
Yes, it's crucial to update the Drupal core to the latest version to fix this vulnerability.
If immediate updating isn't possible, review and strengthen your website's security policies, especially user input validation.
You can find more information on the Drupal website and vulnerability databases like CVE.