Platform
drupal
Component
drupal
Fixed in
1.0.3
1.0.4
CVE-2025-13982 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Drupal Login Time Restriction module. It could allow an attacker to perform unauthorized actions on a user's account if the attacker can trick that user into clicking a malicious link. The vulnerability affects versions of the module prior to 1.0.3 and was published on 2026-01-28. A fix is available in version 1.0.3.
A successful CSRF attack lets an attacker perform actions as the logged-in user without that user's knowledge or consent. In the context of the Drupal Login Time Restriction module, this could allow an attacker to modify login time restrictions, potentially granting unauthorized access or bypassing security controls. The impact is amplified if the affected Drupal site handles sensitive data or critical operations. While the specific impact depends on how the Login Time Restriction module is configured, the potential for unauthorized modifications makes this a significant security concern. CSRF vulnerabilities are often exploited through phishing emails or malicious websites designed to mimic legitimate Drupal interfaces.
As of the publication date (2026-01-28), there is no public proof-of-concept (POC) code available for CVE-2025-13982. The vulnerability's severity is rated HIGH (CVSS 8.1), indicating a potential for exploitation. It is not currently listed on the CISA KEV catalog. Given the relatively straightforward nature of CSRF attacks, it is likely that a POC will be developed and potentially exploited in the future.
Drupal sites utilizing the Login Time Restriction module, particularly those with sensitive data or critical functionality, are at risk. Sites running older, unpatched versions of Drupal are especially vulnerable. Shared hosting environments where users have limited control over installed modules also face increased risk.
• drupal: Check the version of the Login Time Restriction module using drush pm-info logintimerestriction. If the version is less than 1.0.3, the system is vulnerable.
• generic web: Monitor Drupal site logs for suspicious POST requests originating from different IP addresses than the authenticated user's. Use a WAF to block requests without valid CSRF tokens.
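The log check described above, as an added example that is not part of this advisory: a small Python analyzer that reads access-log lines and flags state-changing requests by an authenticated user that arrive from a foreign Origin/Referer, carry no Origin/Referer at all, or come from an address that user had not been seen from earlier in the log. The log format (combined log plus two trailing quoted fields, Referer then Origin), the site hostname, the admin path and all sample lines are constructed assumptions; the module's real form path is not given in the advisory.

```python
import re
from urllib.parse import urlsplit

# Assumption: the Drupal front end (or a reverse proxy) writes a combined-log
# style line extended with two trailing quoted fields: Referer, then Origin.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
    r'"(?P<referer>[^"]*)" "(?P<origin>[^"]*)"$'
)

# Only methods that change state matter for CSRF; safe GETs are ignored.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample log. The admin path is a placeholder, not the module's
# real route. Lines 3 and 4 model how a forged submission looks from the
# server side: an authenticated POST that arrives from another site (or with
# no Origin/Referer) and from an address the user was not using before.
SITE_HOST = "example.org"  # assumption: the Drupal site's own hostname
SAMPLE_LOG = """\
203.0.113.5 - alice [28/Jan/2026:10:01:02 +0000] "GET /admin/config/placeholder-login-time-form HTTP/1.1" 200 "https://example.org/admin" "-"
203.0.113.5 - alice [28/Jan/2026:10:01:30 +0000] "POST /admin/config/placeholder-login-time-form HTTP/1.1" 303 "https://example.org/admin/config/placeholder-login-time-form" "https://example.org"
198.51.100.7 - alice [28/Jan/2026:10:05:11 +0000] "POST /admin/config/placeholder-login-time-form HTTP/1.1" 303 "https://other-site.example/page.html" "https://other-site.example"
198.51.100.7 - alice [28/Jan/2026:10:05:12 +0000] "POST /admin/config/placeholder-login-time-form HTTP/1.1" 303 "-" "-"
203.0.113.5 - bob [28/Jan/2026:10:07:00 +0000] "GET /node/1 HTTP/1.1" 200 "https://other-site.example/page.html" "-"
"""


def source_host(origin, referer):
    """Return the lowercased host the request claims to come from.

    Origin wins when present; otherwise fall back to Referer. A literal
    "null" Origin (browsers send it for some cross-site cases) is kept as the
    string "null" so it never matches the site host. Returns None when
    neither header carries a usable host.
    """
    for value in (origin, referer):
        if not value or value == "-":
            continue
        if value == "null":
            return "null"
        host = urlsplit(value).hostname
        if host:
            return host.lower()
    return None


def find_csrf_indicators(log_text, site_host):
    """Scan log lines in order and return a list of findings (dicts)."""
    findings = []
    seen_ips = {}  # user -> set of source IPs observed earlier in the log
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        rec = m.groupdict()
        user_ips = seen_ips.setdefault(rec["user"], set())
        reasons = []
        # Anonymous ("-") requests carry no session, so CSRF does not apply.
        if rec["method"] in STATE_CHANGING and rec["user"] != "-":
            src = source_host(rec["origin"], rec["referer"])
            if src is None:
                reasons.append("no-origin-or-referer")
            elif src != site_host:
                reasons.append(f"cross-origin:{src}")
            # Checked before recording this line's IP, so the first request
            # from a new address is the one that gets flagged.
            if user_ips and rec["ip"] not in user_ips:
                reasons.append("new-ip-for-user")
        user_ips.add(rec["ip"])
        if reasons:
            findings.append({
                "line": lineno,
                "user": rec["user"],
                "ip": rec["ip"],
                "method": rec["method"],
                "path": rec["path"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_csrf_indicators(SAMPLE_LOG, SITE_HOST):
        print(f"line {f['line']}: {f['user']}@{f['ip']} {f['method']} "
              f"{f['path']} -> {', '.join(f['reasons'])}")
```

A missing Origin/Referer on its own is a weak signal (privacy extensions and some proxies strip both), so treat "no-origin-or-referer" as something to correlate with the new-IP and cross-origin reasons rather than alert on alone. Run over real logs, the site host and the path filter should be tightened to the module's actual administrative routes.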
disclosure
Exploit status
EPSS
0.02% (5th percentile)
CVSS vector
The primary mitigation for CVE-2025-13982 is to upgrade the Drupal Login Time Restriction module to version 1.0.3 or later. If an immediate upgrade is not possible because of compatibility issues or testing requirements, consider adding CSRF tokens to critical forms in the Login Time Restriction module. While not a complete solution, this provides an additional layer of protection. Review Drupal's general CSRF prevention mechanisms and ensure they are properly configured. Monitor Drupal logs for suspicious activity, particularly requests originating from unexpected sources.
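The token-based workaround mentioned above, shown as an added, generic Python illustration rather than the module's or Drupal's own code: a token is derived with an HMAC over the victim's session id and the form id, embedded in the rendered form, and checked with a constant-time comparison on submission. A page on another site can make the browser send the session cookie, but it cannot read the token from the victim's page, so a forged submission has nothing valid to present. The secret key, session ids, form id and field names are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time


def _mac(secret_key, session_id, form_id, issued_at, nonce):
    """HMAC-SHA256 over everything the token is bound to."""
    payload = f"{session_id}|{form_id}|{issued_at}|{nonce}".encode()
    return hmac.new(secret_key, payload, hashlib.sha256).hexdigest()


def generate_token(secret_key, session_id, form_id, issued_at=None):
    """Mint a token for one session and one form: '<issued>.<nonce>.<mac>'."""
    issued_at = int(time.time()) if issued_at is None else int(issued_at)
    nonce = secrets.token_hex(8)
    return f"{issued_at}.{nonce}.{_mac(secret_key, session_id, form_id, issued_at, nonce)}"


def validate_token(secret_key, session_id, form_id, token, now=None, max_age=3600):
    """True only if the token was minted for this session and form, is not
    older than max_age seconds, and its MAC verifies (constant-time)."""
    try:
        issued_str, nonce, mac = token.split(".")
        issued_at = int(issued_str)
    except ValueError:
        return False  # malformed token
    now = int(time.time()) if now is None else int(now)
    if now - issued_at > max_age or issued_at > now + 60:
        return False  # expired, or issued implausibly far in the future
    expected = _mac(secret_key, session_id, form_id, issued_at, nonce)
    return hmac.compare_digest(expected, mac)


def process_form_submission(secret_key, session_id, form_id, fields, now=None):
    """Server-side handling of a submitted form: reject before acting on it."""
    token = fields.get("form_token")
    if token is None:
        return "rejected: missing token"
    if not validate_token(secret_key, session_id, form_id, token, now=now):
        return "rejected: invalid token"
    return "accepted"


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed per-site secret
    victim_session = "sess-victim"           # constructed session id
    form = "placeholder_login_time_form"     # constructed form id
    token = generate_token(key, victim_session, form)
    # Legitimate submission: the page rendered for the victim carried the token.
    print(process_form_submission(key, victim_session, form,
                                  {"start": "09:00", "form_token": token}))
    # Cross-site submission: the browser attaches the session cookie, but the
    # foreign page never saw the token, so the request has none to send.
    print(process_form_submission(key, victim_session, form, {"start": "00:00"}))
```

In Drupal itself, forms built with the Form API already carry a per-session form token, and a custom route that changes state can require one through the `_csrf_token` route requirement; the example above only makes the mechanism visible, it is not a substitute for the 1.0.3 upgrade.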
Update the Login Time Restriction module to version 1.0.3 or later. This version fixes the CSRF vulnerability. You can update through the Drupal administration interface or by downloading the new version from Drupal.org and replacing the module files.
CVE-2025-13982 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Drupal Login Time Restriction module, allowing attackers to perform unauthorized actions.
You are affected if you are using Drupal Login Time Restriction version 1.0.3 or earlier. Upgrade to 1.0.3 to mitigate the risk.
Upgrade the Drupal Login Time Restriction module to version 1.0.3 or later. Implement CSRF token protection as a temporary workaround.
There is currently no evidence of active exploitation, but the vulnerability's nature suggests potential for future attacks.
Refer to the Drupal security advisory page for the latest information and updates regarding CVE-2025-13982.