Platform
drupal
Component
drupal
Fixed in
3.6.4
3.7.3
3.6.5
CVE-2025-14472 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in Drupal Acquia Content Hub. A successful exploit allows an attacker to perform unauthorized actions on behalf of an authenticated user, potentially leading to data modification or system compromise. This vulnerability affects versions 3.7.0 through 3.7.3 of Acquia Content Hub and is addressed in version 3.6.4 and later.
The CSRF vulnerability in Drupal Acquia Content Hub allows an attacker to trick a logged-in user into unknowingly executing malicious actions. For example, an attacker could craft a malicious link or embed it in an email, causing the user's browser to send a forged request to the server. This could result in unauthorized content creation, modification, or deletion, impacting the integrity of the content hub. The blast radius extends to any user with access to the Acquia Content Hub, as their actions could be hijacked. Successful exploitation could also lead to privilege escalation if the user has administrative rights.
CVE-2025-14472 was publicly disclosed on 2026-01-28. There are currently no known public proof-of-concept exploits available. The vulnerability is not listed on the CISA KEV catalog as of this writing. The potential for exploitation remains, particularly given the widespread use of Drupal and Acquia Content Hub.
Organizations using Drupal Acquia Content Hub for content management are at risk, particularly those running versions 3.7.0 through 3.7.3. Shared hosting environments where multiple users share the same Drupal instance are especially vulnerable, as an attacker could potentially compromise the accounts of other users.
• drupal: Check Drupal core files for suspicious code related to form handling and CSRF tokens.
grep -r 'CSRF token' /var/www/html/drupal/core/modules/system/system.form
• drupal: Review Drupal logs for unusual activity or failed CSRF token validation attempts.
journalctl -u apache2 -f | grep "CSRF token validation failed"
• generic web: Monitor access logs for requests with unexpected parameters or originating from unusual sources.
grep -i 'csrf' /var/log/apache2/access.log
Disclosure
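Following on from the log-monitoring advice above, here is an added example (not from the original page, nor Drupal or Acquia code) that parses Apache combined-format access log lines and flags state-changing requests whose Referer is missing or points at a foreign origin, the usual footprint of a forged cross-site request. The site hostnames and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the hostnames the Drupal site is legitimately served under.
SITE_HOSTS = {"example.com", "www.example.com"}

# Apache "combined" LogFormat:
# %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def classify(line):
    """Return (verdict, record) for one log line. verdict is 'ok',
    'cross-site' or 'no-referer'; (None, None) if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None, None
    rec = m.groupdict()
    if rec["method"] not in STATE_CHANGING:
        return "ok", rec          # reads cannot change state; ignore
    ref = rec["referer"]
    if ref in ("", "-"):
        # Browsers may strip Referer for privacy, so this is a weaker signal.
        return "no-referer", rec
    host = (urlsplit(ref).hostname or "").lower()
    return ("ok" if host in SITE_HOSTS else "cross-site"), rec

def suspicious_requests(lines):
    """Collect state-changing requests that did not originate from the site itself."""
    out = []
    for line in lines:
        verdict, rec = classify(line)
        if verdict in ("cross-site", "no-referer"):
            out.append((verdict, rec["ip"], rec["path"], rec["referer"]))
    return out

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 - alice [28/Jan/2026:10:00:01 +0000] "GET /admin/content HTTP/1.1" 200 5120 "https://example.com/admin" "Mozilla/5.0"',
    '203.0.113.5 - alice [28/Jan/2026:10:00:07 +0000] "POST /node/42/edit HTTP/1.1" 303 0 "https://example.com/node/42/edit" "Mozilla/5.0"',
    '203.0.113.5 - alice [28/Jan/2026:10:02:44 +0000] "POST /node/42/delete HTTP/1.1" 303 0 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.9 - bob [28/Jan/2026:10:03:10 +0000] "POST /admin/config HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, ip, path, ref in suspicious_requests(SAMPLE_LOG):
        print(f"{verdict:11} {ip:15} {path} referer={ref}")
```

Pipe `tail -f` of the real access log into `classify` per line to run it live; a 2xx/3xx status on a flagged POST is the case worth following up, since the server accepted the state change.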
Exploit status
EPSS
0.02% (5th percentile)
CVSS vector
The primary mitigation for CVE-2025-14472 is to upgrade Acquia Content Hub to version 3.6.4 or later, which contains the fix. If immediate upgrading is not possible, implement strict input validation and output encoding to prevent the injection of malicious scripts. Consider using a Web Application Firewall (WAF) with CSRF protection rules to filter out suspicious requests. Review and strengthen user access controls to limit the potential impact of a successful attack. After upgrading, verify the fix by attempting to trigger a CSRF attack and confirming that it is blocked.
Update the Acquia Content Hub module to version 3.6.4 or later, or to version 3.7.3 or later. This fixes the CSRF vulnerability. You can update the module through the Drupal administration interface or by using Composer.
CVE-2025-14472 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Drupal Acquia Content Hub versions 3.7.0–3.7.3, allowing attackers to perform unauthorized actions.
You are affected if you are using Drupal Acquia Content Hub versions 3.7.0 through 3.7.3. Upgrade to 3.6.4 or later to mitigate the risk.
Upgrade Acquia Content Hub to version 3.6.4 or later. Implement input validation and consider a WAF for added protection.
As of now, there are no confirmed reports of active exploitation, but the vulnerability remains a potential risk.
Refer to the official Drupal security advisory for detailed information and updates: [https://www.drupal.org/security/advisories/cve-2025-14472]