Incorrect Authorization in Drupal Commerce Eurobank by Drupal
CVE-2025-48445

8.8HIGH

Key Information:

Vendor: Drupal
Status: Commerce Eurobank (redirect)
Vendor: CVE Published:; 11 June 2025

What is CVE-2025-48445?

An incorrect authorization vulnerability in Drupal Commerce Eurobank (Redirect) can lead to functionality misuse, allowing unauthorized access to critical operations. This issue is present in versions from 0.0.0 up to 2.1.0, highlighting the need for users to update to a secure version to maintain the integrity of their applications.

Affected Version(s)

Commerce Eurobank (Redirect) 0.0.0 < 2.1.1

References

https://www.drupal.org/sa-contrib-2025-066

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
May 21, 2025

Credit

Marios Tsalkidis (silios)

Bill Seremetis (bserem)

Panagiotis Moutsopoulos (vensires)

Greg Knaddison (greggles)

Juraj Nemec (poker10)