vulnerability

Drupal Drupal: CVE-2022-25278: Vulnerability in Drupal Drupal

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:C/A:N)	Apr 26, 2023	Sep 22, 2025	Dec 1, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:C/A:N)

Published

Apr 26, 2023

Added

Sep 22, 2025

Modified

Dec 1, 2025

Description

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

Solution

drupal-upgrade

References

CVE-2022-25278
https://attackerkb.com/topics/CVE-2022-25278
URL-https://www.drupal.org/sa-core-2022-013

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today