CVE-2025-14472

CVE-2025-14472: Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125

Vendor Drupal
Product Acquia Content Hub
Weakness CWE-352 · CSRF
Published January 28, 2026
Last update January 29, 2026

CVSS base score

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

Explanation of Vulnerability in Simple Terms

02Summary

Acquia Content Hub for Drupal contains a cross-site request forgery (CSRF) vulnerability in versions before 3.6.4. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the Content Hub module without the administrator's knowledge or consent. Update to version 3.6.4 or later to fix this issue.

What an attacker can do

03Attacker Capabilities

Perform unwanted actions on the Content Hub module by tricking a logged-in admin into visiting a malicious page.

Potential impact on your site

04Site Impact

An attacker can modify Content Hub settings or data if they trick your admin into visiting a malicious page.

Conditions required to exploit

05Prerequisites

A logged-in Drupal administrator must visit an attacker-controlled page or click a malicious link.

Key dates

06Disclosure timeline

January 28, 2026 CVE published
January 29, 2026 Record updated