Vulnerability in Drupal's Synchronize Composer.Json with Contrib Modules
CVE-2025-9552

Currently unrated

Key Information:

Vendor: Drupal
Status: Synchronize Composer.json With Contrib Modules
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-9552?

A vulnerability has been identified in Drupal’s Synchronize composer.Json with Contrib Modules. This flaw may allow for unintended access or manipulation of application functionality, potentially compromising the integrity of the software environment. Website administrators using this module should take immediate action to review their configurations and apply necessary updates to mitigate any risks associated with this issue.

Affected Version(s)

Synchronize composer.json With Contrib Modules *.*

References

https://www.drupal.org/sa-contrib-2025-102

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Aug 27, 2025

JSON