Home > Vulnerability Database > CVE-2022-25278

Mend.io Vulnerability Database

CVE-2022-25278

Good to know:

Date: April 25, 2023

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

Language: PHP

Severity Score

6.5

Related Resources (5)

Url: https://github.com/drupal/core

Url: https://www.drupal.org/sa-core-2022-013

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/drupal/core/CVE-2022-25278.yaml

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-25278

Url: https://www.mend.io/vulnerability-database/CVE-2022-25278

Severity Score

6.5

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version 9.3.19,9.4.3

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-25278

Good to know:

Date: April 25, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?