DRUPAL-CONTRIB-2025-125

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/acquia_contenthub/DRUPAL-CONTRIB-2025-125.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-125

Aliases

CVE-2025-14472

Published

2025-12-10T17:53:01Z

Modified

2025-12-10T23:41:24.431092Z

Summary

[none]

Details

This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites.

The module doesn't sufficiently protect export routes from cross-site request forgery (CSRF) attacks, potentially allowing an attacker to trick an admin into exporting an unwanted entity.

References

https://www.drupal.org/sa-contrib-2025-125

Credits

- Lee Rowlands (larowlan)
- - https://www.drupal.org/u/larowlan

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/acquia_contenthub

Package

Name: drupal/acquia_contenthub
Purl: pkg:composer/drupal/acquia_contenthub

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

3.6.4

Database specific

{
    "constraint": "<3.6.4"
}

Type

ECOSYSTEM

Events

Introduced

3.7.0

Fixed

3.7.3

Database specific

{
    "constraint": ">=3.7.0 <3.7.3"
}

Database specific

affected_versions

"<3.6.4 || >=3.7.0 <3.7.3"