Incorrect Authorization in Drupal Commerce Alphabank Redirect by Drupal
CVE-2025-48446

8.8 HIGH

Key Information:

Vendor: Drupal

CVE Published: 11 June 2025

What is CVE-2025-48446?

A vulnerability exists in the Commerce Alphabank Redirect component of Drupal, where incorrect authorization may allow attackers to misuse intended functionalities. This issue affects versions from 0.0.0 up to but not including 1.0.3, posing a potential security risk if left unaddressed. It is crucial for users of affected versions to apply the recommended updates to mitigate the risk of exploitation.

Affected Version(s)

Commerce Alphabank Redirect 0.0.0 < 1.0.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marios Tsalkidis (silios)
Bill Seremetis (bserem)
Panagiotis Moutsopoulos (vensires)
Greg Knaddison (greggles)
Juraj Nemec (poker10)