CVE-2025-12082

CVE-2025-12082: CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112

Vendor Drupal

Product CivicTheme Design System

Weakness CWE-863 · Incorrect authorization

Published October 29, 2025

Last update October 30, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Incorrect Authorization vulnerability in Drupal CivicTheme Design System allows Forceful Browsing.This issue affects CivicTheme Design System: from 0.0.0 before 1.12.0.

Key dates

02Disclosure timeline

October 29, 2025 CVE published

October 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12082 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2025-12971 Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation CVE-2026-3210 Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011 CVE-2025-41246 Improper authorisation vulnerability CVE-2026-32042 OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)