Platform
drupal
Component
drupal
Fixed in
10.3.13
10.4.3
11.0.12
11.1.3
CVE-2025-3057 is a Cross-Site Scripting (XSS) vulnerability in Drupal Core. This flaw allows attackers to inject malicious scripts into web pages, potentially leading to data theft or unauthorized actions. This affects Drupal core versions from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, and from 11.1.0 before 11.1.3. The vulnerability is fixed in version 10.3.13.
Successful exploitation of CVE-2025-3057 allows an attacker to execute arbitrary JavaScript code in the context of a victim's browser. This can be used to steal cookies, redirect users to malicious websites, deface websites, or even gain control of user accounts. The impact is particularly severe for websites with sensitive data or high user traffic. XSS vulnerabilities are a common attack vector and can have widespread consequences.
CVE-2025-3057 was published on 2025-04-01 and has a CVSS score of 6.1 (MEDIUM). No public proof-of-concept exploits are currently known. It is not listed on KEV or EPSS. Organizations should prioritize patching to address this XSS vulnerability.
Exploit status
EPSS
0.35% (57th percentile)
CVSS vector
The primary mitigation for CVE-2025-3057 is to upgrade Drupal Core to version 10.3.13, 10.4.3, 11.0.12, or 11.1.3 or later. Ensure that all modules and themes are also updated to compatible versions. Implement a Content Security Policy (CSP) to restrict the sources from which scripts can be executed. Regularly review and sanitize user input to prevent malicious code from being injected. No specific Sigma or YARA rules are available at this time.
Update Drupal core to the latest available version. If you are running a version earlier than 10.3, update to 10.3.13 or later. If you are running 10.4, update to 10.4.3 or later. If you are running 11.0, update to 11.0.12 or later. If you are running 11.1, update to 11.1.3 or later.
Affected versions are Drupal Core 8.0.0 before 10.3.13, 10.4.0 before 10.4.3, 11.0.0 before 11.0.12, and 11.1.0 before 11.1.3.
You can verify the Drupal version on the site's administration page, in the 'Site information' section.
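For sites managed with Composer, the pinned core version can also be checked against the affected ranges above without opening the admin UI. The following script is an added example, not part of this advisory or of Drupal; it reads a constructed composer.lock excerpt and assumes core is pinned as the `drupal/core` package.

```python
"""Check whether a composer.lock pins drupal/core in a CVE-2025-3057 affected range."""
import json
from typing import Optional, Tuple

# Affected ranges from the advisory, as [lower, upper) per release branch.
AFFECTED_RANGES = [
    ((8, 0, 0), (10, 3, 13)),
    ((10, 4, 0), (10, 4, 3)),
    ((11, 0, 0), (11, 0, 12)),
    ((11, 1, 0), (11, 1, 3)),
]


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '10.3.12' or 'v10.3.12' into (10, 3, 12).
    Pre-release and build suffixes ('-beta1', '+meta') are dropped, so a
    pre-release is treated like its final release (a deliberate simplification)."""
    core = version.lstrip("v").split("-")[0].split("+")[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_affected(version: str) -> bool:
    """True when the version falls inside any of the advisory's affected ranges."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def core_version_from_lock(lock_text: str) -> Optional[str]:
    """Return the locked drupal/core version from composer.lock content, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == "drupal/core":
            return pkg.get("version")
    return None


def check_lock(lock_text: str) -> Optional[bool]:
    """True if the locked core is affected, False if fixed, None if core is absent."""
    version = core_version_from_lock(lock_text)
    return None if version is None else is_affected(version)


# Constructed composer.lock excerpt for demonstration; not from a real site.
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "drupal/core", "version": "10.3.12"},
    {"name": "drush/drush", "version": "13.3.0"},
]})

if __name__ == "__main__":
    print("affected" if check_lock(SAMPLE_LOCK) else "not affected")
```

Pass the contents of a real composer.lock to `check_lock` to test a site; a version between 10.3.13 and 10.4.0, or above any branch's fixed release, is reported as not affected.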
XSS (Cross-Site Scripting) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
CSP (Content Security Policy) is a security mechanism that allows website administrators to control the resources the browser is allowed to load for a web page.
You can find more information on the Drupal website and in vulnerability databases like CVE.