Cross-Site Scripting Vulnerability in Drupal COOKiES Consent Management
CVE-2025-8092

Currently unrated

Key Information:

Vendor: Drupal
Status: Cookies Consent Management
Vendor: CVE Published:; 15 August 2025

What is CVE-2025-8092?

The COOKiES Consent Management extension for Drupal has a vulnerability that allows an attacker to inject malicious scripts into web pages viewed by users. This occurs due to inadequate sanitization of user input, which could lead to unauthorized actions taken by unsuspecting users. It's crucial for site administrators to update to version 1.2.16 or later to mitigate the risk of potential exploitation.

Affected Version(s)

COOKiES Consent Management 0.0.0 < 1.2.16

References

https://www.drupal.org/sa-contrib-2025-092

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2025
Vulnerability Reserved
Jul 23, 2025

Credit

Pierre Rudloff (prudloff)

Joshua Sedler (grevil)

Joachim Feltkamp (jfeltkamp)

Greg Knaddison (greggles)

Juraj Nemec (poker10)

Pierre Rudloff (prudloff)

Cathy Theys (yesct)