Incorrect Authorization in Drupal CivicTheme Design System
CVE-2025-12082

7.5 HIGH

Key Information:

Vendor: Drupal
CVE Published: 29 October 2025

What is CVE-2025-12082?

An incorrect authorization vulnerability in the CivicTheme Design System for Drupal enables forceful browsing, allowing unauthorized access to restricted areas. This issue affects versions from 0.0.0 up to 1.11.9, necessitating immediate attention from users to safeguard their applications.

Affected Version(s)

CivicTheme Design System 0.0.0 < 1.12.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lee Rowlands (larowlan)
Alan Cole (alan.cole)
Daniel (danielgry)
Fiona Morrison (fionamorrison23)
Suchi Garg (gargsuchi)
Joshua Fernandes (joshua1234511)
Richard Gaunt (richardgaunt)
Greg Knaddison (greggles)
Drew Webber (mcdruid)