Resource Allocation Issue in Drupal Web-T by Drupal
CVE-2025-3475

6.5MEDIUM

Key Information:

Vendor: Drupal
Status: Web-t
Vendor: CVE Published:; 9 April 2025

Summary

A vulnerability in Drupal's Web-T allows for excessive resource allocation without proper limits or throttling. This can result in incorrect authorization, leading to potential content spoofing vulnerabilities. Affected versions of Web-T are all prior to 1.1.0, making it critical for users to update their installations to the latest version to mitigate risk.

Affected Version(s)

WEB-T 0.0.0 < 1.1.0

References

https://www.drupal.org/sa-contrib-2025-030

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

Jan Kellermann (jan kellermann)

dragels

Jan Kellermann (jan kellermann)

Greg Knaddison (greggles)

Juraj Nemec (poker10)