CVE-2025-9551

CVE-2025-9551: Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101

Vendor Drupal
Product Protected Pages
Weakness CWE-307 · Brute force
Published October 10, 2025
Last update March 26, 2026

CVSS base score

What the vulnerability does

01Description

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5.

Key dates

02Disclosure timeline

October 10, 2025 CVE published
March 26, 2026 Record updated