CVE-2025-13083
- Source
- https://cve.org/CVERecord?id=CVE-2025-13083
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-13083.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-13083
- Aliases
- Published
- 2025-11-18T17:15:59.313Z
- Modified
- 2026-03-12T17:36:41.123857Z
- Severity
-
- 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8, from 7.0 before 7.103.
- References
Affected packages
Git / github.com/drupal/drupal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/drupal/drupal
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "8.0.0" }, { "fixed": "10.4.9" }, { "introduced": "10.5.0" }, { "fixed": "10.5.6" }, { "introduced": "11.0.0" }, { "fixed": "11.1.9" }, { "introduced": "11.2.0" }, { "fixed": "11.2.8" } ] }
Affected versions
10.*
10.0.0-alpha1
10.0.0-alpha3
10.0.0-alpha4
10.0.0-alpha5
10.1.0-alpha1
10.4.0
10.4.0-beta1
10.4.0-rc1
10.4.1
10.4.2
10.4.3
10.4.4
10.4.6
10.4.7
10.4.8
10.5.0
10.5.0-beta1
10.5.0-rc1
10.5.1
10.5.2
10.5.3
10.5.4
10.5.5
11.*
11.0.0-alpha1
11.1.0
11.1.0-beta1
11.1.0-rc1
11.1.1
11.1.2
11.1.3
11.1.4
11.1.6
11.1.7
11.1.8
11.2.0
11.2.0-alpha1
11.2.0-beta1
11.2.0-rc2
11.2.1
11.2.2
11.2.3
11.2.4
11.2.5
11.2.6
11.2.7
8.*
8.0.0
8.1.0-beta1
9.*
9.0.0-alpha1
9.0.0-alpha2