Missing Authentication Vulnerability in Drupal Panels Affects Multiple Versions
CVE-2025-3474

6.5MEDIUM

Key Information:

Vendor: Drupal
Status: Panels
Vendor: CVE Published:; 9 April 2025

Summary

A missing authentication vulnerability in the Drupal Panels module may allow attackers to exploit incorrectly configured access control settings. This security oversight can lead to unauthorized actions being taken within the web application. It is crucial for users to ensure that their configurations are properly set and to update to the latest version where applicable to mitigate potential risks from this vulnerability.

Affected Version(s)

Panels 0.0.0 < 4.9.0

References

https://www.drupal.org/sa-contrib-2025-033

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

Manuel Adán (manuel.adan)

Jakob P (japerry)

Manuel Adán (manuel.adan)

Greg Knaddison (greggles)

Drew Webber (mcdruid)