User Interface Misrepresentation in Drupal Core by Drupal
CVE-2025-13082

Currently unrated

Key Information:

Vendor

Drupal
Status
Drupal Core
Vendor
CVE Published:
18 November 2025

What is CVE-2025-13082?

A vulnerability in Drupal core allows for content spoofing due to the misrepresentation of critical information in the user interface. This issue affects multiple versions of Drupal core, potentially leading to unauthorized manipulation of user-visible content. Attackers exploiting this vulnerability could present misleading information to users, impacting trust and security on affected sites.

Affected Version(s)

Drupal core 8.0.0 < 10.4.9

Drupal core 10.5.0 < 10.5.6

Drupal core 11.0.0 < 11.1.9

References

https://www.drupal.org/sa-core-2025-007

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kevin Quillen (kevinquillen)
Benji Fisher (benjifisher)
Neil Drumm (drumm)
Greg Knaddison (greggles)
Lee Rowlands (larowlan)
Drew Webber (mcdruid)
Mingsong (mingsong)
Juraj Nemec (poker10)
Ra MÀnd (ram4nd)
Jess (xjm)
catch (catch)
Lee Rowlands (larowlan)
Dave Long (longwave)
Juraj Nemec (poker10)
JSON
.
CVE-2025-13082 : User Interface Misrepresentation in Drupal Core by Drupal