Drupal Core UI Misrepr Vulnerability 8.x10.4.9,10.5.x10.5.6,11.x11.2.8
CVE-2025-13082 Published on November 18, 2025
Drupal core - Moderately critical - Defacement - SA-CORE-2025-007
User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.
Vulnerability Analysis
CVE-2025-13082 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
Products Associated with CVE-2025-13082
Want to know whenever a new CVE is published for Drupal? stack.watch will email you.
Affected Versions
Drupal core:- Version 8.0.0 and below 10.4.9 is affected.
- Version 10.5.0 and below 10.5.6 is affected.
- Version 11.0.0 and below 11.1.9 is affected.
- Version 11.2.0 and below 11.2.8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.