Cross-Site Scripting Vulnerability in Drupal COOKiES Consent Management
CVE-2025-8092

7.6HIGH

Key Information:

Vendor: Drupal
Status: Cookies Consent Management
Vendor: CVE Published:; 15 August 2025

What is CVE-2025-8092?

The COOKiES Consent Management extension for Drupal has a vulnerability that allows an attacker to inject malicious scripts into web pages viewed by users. This occurs due to inadequate sanitization of user input, which could lead to unauthorized actions taken by unsuspecting users. It's crucial for site administrators to update to version 1.2.16 or later to mitigate the risk of potential exploitation.

Affected Version(s)

COOKiES Consent Management 0.0.0 < 1.2.16

References

https://www.drupal.org/sa-contrib-2025-092

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2025
Vulnerability Reserved
Jul 23, 2025

Credit

Pierre Rudloff (prudloff)

Joshua Sedler (grevil)

Joachim Feltkamp (jfeltkamp)

Greg Knaddison (greggles)

Juraj Nemec (poker10)

Pierre Rudloff (prudloff)

Cathy Theys (yesct)