Missing Authorization Vulnerability in Drupal Single Content Sync Product by Drupal
CVE-2025-48009

3.1LOW

Key Information:

Vendor: Drupal
Status: Single Content Sync
Vendor: CVE Published:; 21 May 2025

What is CVE-2025-48009?

A missing authorization vulnerability in the Single Content Sync module for Drupal allows users to perform unauthorized actions, leading to functionality misuse in the system. This issue impacts all versions of the module prior to 1.4.12, creating significant risks for sites leveraging this integration. Proper user authentication and authorization checks are critical to prevent such exploitation.

Affected Version(s)

Single Content Sync 0.0.0 < 1.4.12

References

https://www.drupal.org/sa-contrib-2025-060

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 21, 2025
Vulnerability Reserved
May 14, 2025

Credit

Dezső Biczó (mxr576)

Dave Long (longwave)

Dezső Biczó (mxr576)

Oleksandr Kuzava (nginex)

Greg Knaddison (greggles)

Juraj Nemec (poker10)