Platform
drupal
Component
drupal
Fixed in
10.4.9
10.5.6
11.1.9
11.2.8
10.4.9
10.4.9
10.4.9
10.4.9
CVE-2025-13082 describes a User Interface (UI) Misrepresentation of Critical Information vulnerability affecting Drupal Core. This flaw allows for content spoofing, potentially misleading users. This issue affects Drupal Core versions from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, and from 11.2.0 before 11.2.8. The vulnerability is fixed in Drupal version 10.4.9.
CVE-2025-13082 in Drupal core introduces a User Interface (UI) Misrepresentation of Critical Information vulnerability, leading to 'Content Spoofing'. This allows an attacker to manipulate the UI to display inaccurate or misleading information to users. Essentially, a malicious actor could trick users into believing they are viewing legitimate content when, in reality, it’s fabricated. This vulnerability affects several Drupal versions: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, and from 11.2.0 before 11.2.8. The impact is significant, particularly for websites where user trust in presented information is paramount, such as news sites, e-commerce platforms, or government portals. Content manipulation can lead to loss of trust, fraud, or the dissemination of harmful information.
Exploitation of this vulnerability requires an attacker to have the ability to interact with the Drupal UI, typically involving user access with sufficient permissions to create or modify content. The attacker may leverage misconfigurations or a lack of data validation to inject malicious content that appears legitimate. The impact of exploitation can vary depending on the website’s configuration and the attacker’s user permissions. In some cases, the attacker could even compromise the entire website’s integrity.
Exploit Status
EPSS
0.07% (22% percentile)
The primary mitigation for CVE-2025-13082 is to update Drupal to the latest available version: 10.4.9, 10.5.6, 11.1.9, or 11.2.8, depending on your current version. Drupal has released these updates to address the vulnerability. Beyond the update, review and strengthen your website's security policies, including user input validation and implementing additional security measures to protect against content manipulation attacks. Regularly monitoring server logs for suspicious activity is also recommended. The update should be performed as soon as possible to minimize the risk of exploitation.
Update Drupal core to the latest available version. Specifically, update to version 10.4.9, 10.5.6, 11.1.9, or 11.2.8, or a later version, as appropriate for your Drupal branch. This will resolve the content spoofing vulnerability.
Vulnerability analysis and critical alerts directly to your inbox.
It's a technique where an attacker creates fake content that resembles a website's legitimate content, deceiving users into believing it's authentic.
If you are using a version of Drupal prior to 10.4.9, 10.5.6, 11.1.9, or 11.2.8, your site is vulnerable.
Yes, it's crucial to update the Drupal core to the latest version to fix this vulnerability.
If immediate updating isn't possible, review and strengthen your website's security policies, especially user input validation.
You can find more information on the Drupal website and vulnerability databases like CVE.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your composer.lock file and we'll tell you instantly if you're affected.