CVE-2022-25273

HIGH severity · CVSS 7.5 · Improper input validation

7.5CVSS HIGH

Summary

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactNone

Integrity impactHigh

Availability impactNone

Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products we track (1)

Drupal

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

NVD record
https://www.drupal.org/sa-core-2022-008Advisory
https://www.drupal.org/sa-core-2022-008Advisory