DRUPAL-CONTRIB-2025-046

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/search_api_solr/DRUPAL-CONTRIB-2025-046.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-046
Aliases
  • CVE-2025-3907
Published
2025-04-23T16:59:33Z
Modified
2025-12-10T23:41:29.325008Z
Summary
[none]
Details

This module provides support for creating searches using the Apache Solr search engine and the Search API Drupal module.

The module doesn't sufficiently protect certain routes from CSRF attacks.

This vulnerability is mitigated by the fact that a site admin would have to perform further steps after the attack for it to have any effect.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/search_api_solr

Package

Name
drupal/search_api_solr
Purl
pkg:composer/drupal/search_api_solr

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.9
Database specific 
{
    "constraint": "<4.3.9"
}

Database specific

source 
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/search_api_solr/DRUPAL-CONTRIB-2025-046.json"
affected_versions 
"<4.3.9"