CVE-2025-3474

CVE-2025-3474: Panels - Critical - Access bypass - SA-CONTRIB-2025-033

Vendor Drupal
Product Panels
Weakness CWE-306 · Missing auth
Published April 9, 2025
Last update April 9, 2025

CVSS base score

What the vulnerability does

01Description

Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0.

Key dates

02Disclosure timeline

April 9, 2025 CVE published
April 9, 2025 Record updated