CVE-2022-25273
Improper input validation in Drupal core
7.5
HIGH
CVSS 3.1
EPSS 0.47%
Description
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
How to fix CVE-2022-25273
To remediate CVE-2022-25273, upgrade the affected package to a fixed version below.
- —upgrade to 9.2.18 or later
- —upgrade to 9.2.18 or later
- —upgrade to 9.2.18 or later
Is CVE-2022-25273 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- >= 8.0.0, < 9.2.18, >= 9.3.0, < 9.3.12
- >= 8.0.0, < 9.2.18 | >= 9.3.0, < 9.3.12
- >= 8.0.0, < 9.2.18
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |