Missing Authentication Vulnerability in Drupal Panels Affects Multiple Versions
CVE-2025-3474

6.5MEDIUM

Key Information:

Vendor: Drupal
Status: Panels
Vendor: CVE Published:; 9 April 2025

What is CVE-2025-3474?

A missing authentication vulnerability in the Drupal Panels module may allow attackers to exploit incorrectly configured access control settings. This security oversight can lead to unauthorized actions being taken within the web application. It is crucial for users to ensure that their configurations are properly set and to update to the latest version where applicable to mitigate potential risks from this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Panels 0.0.0 < 4.9.0

References

https://www.drupal.org/sa-contrib-2025-033

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

Manuel Adán (manuel.adan)

Jakob P (japerry)

Manuel Adán (manuel.adan)

Greg Knaddison (greggles)

Drew Webber (mcdruid)

JSON

Drupal