User Interface Misrepresentation in Drupal Core by Drupal
CVE-2025-13082

4.3MEDIUM

Key Information:

Vendor: Drupal
Status: Drupal Core
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-13082?

A vulnerability in Drupal core allows for content spoofing due to the misrepresentation of critical information in the user interface. This issue affects multiple versions of Drupal core, potentially leading to unauthorized manipulation of user-visible content. Attackers exploiting this vulnerability could present misleading information to users, impacting trust and security on affected sites.

Affected Version(s)

Drupal core 8.0.0 < 10.4.9

Drupal core 10.5.0 < 10.5.6

Drupal core 11.0.0 < 11.1.9

References

https://www.drupal.org/sa-core-2025-007

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Nov 12, 2025

Credit

Kevin Quillen (kevinquillen)

Benji Fisher (benjifisher)

Neil Drumm (drumm)

Greg Knaddison (greggles)

Lee Rowlands (larowlan)

Drew Webber (mcdruid)

Mingsong (mingsong)

Juraj Nemec (poker10)

Ra MÃ¤nd (ram4nd)

Jess (xjm)

catch (catch)

Lee Rowlands (larowlan)

Dave Long (longwave)

Juraj Nemec (poker10)

JSON