CVE-2025-9549

CVE-2025-9549: Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099

Vendor Drupal
Product Facets
Weakness CWE-862 · Missing authorization
Published October 10, 2025
Last update October 15, 2025

CVSS base score

What the vulnerability does

01Description

Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.

Key dates

02Disclosure timeline

October 10, 2025 CVE published
October 15, 2025 Record updated

Related vulnerabilities

04Related CVE