CVE-2025-13080

CVE-2025-13080: Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005

Vendor Drupal

Product Drupal core

Weakness CWE-754

Published November 18, 2025

Last update November 18, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

Key dates

Disclosure timeline

November 18, 2025 CVE published

November 18, 2025 Record updated

Identifiers

CVE CVE-2025-13080

CWE CWE-754

Affected versions

Vendor Drupal

Product Drupal core

Affected ≥ 8.0.0 and < 10.4.9

Vendor Drupal

Product Drupal core

Affected ≥ 10.5.0 and < 10.5.6

Vendor Drupal

Product Drupal core

Affected ≥ 11.0.0 and < 11.1.9

Vendor Drupal

Product Drupal core

Affected ≥ 11.2.0 and < 11.2.8