{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Drupal ist ein freies Content-Management-System, basierend auf der Scriptsprache PHP und einer SQL-Datenbank. Über zahlreiche Extensions kann der Funktionsumfang der Core-Installation individuell erweitert werden.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Drupal ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2025-1404 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1404.json" }, { "category" : "self", "summary" : "WID-SEC-2025-1404 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1404" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-06-25", "url" : "https://www.drupal.org/sa-contrib-2025-077" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-06-25", "url" : "https://www.drupal.org/sa-contrib-2025-078" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-06-25", "url" : "https://www.drupal.org/sa-contrib-2025-079" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-06-25", "url" : "https://www.drupal.org/sa-contrib-2025-080" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-06-25", "url" : "https://www.drupal.org/sa-contrib-2025-081" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-06-25", "url" : "https://www.drupal.org/sa-contrib-2025-082" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-06-25", "url" : "https://www.drupal.org/sa-contrib-2025-083" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-06-25", "url" : "https://www.drupal.org/sa-contrib-2025-084" } ], "source_lang" : "en-US", "title" : "Drupal Module: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2025-06-25T22:00:00.000+00:00", "generator" : { "date" : "2025-06-26T11:01:10.838+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.3.12" } }, "id" : "WID-SEC-W-2025-1404", "initial_release_date" : "2025-06-25T22:00:00.000+00:00", "revision_history" : [ { "date" : "2025-06-25T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "Paragraphs Table <2.0.5", "product" : { "name" : "Open Source Drupal Paragraphs Table <2.0.5", "product_id" : "T044873" } }, { "category" : "product_version", "name" : "Paragraphs Table 2.0.5", "product" : { "name" : "Open Source Drupal Paragraphs Table 2.0.5", "product_id" : "T044873-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:paragraphs_table__2.0.5" } } }, { "category" : "product_version_range", "name" : "Simple XML Sitemap <4.2.2", "product" : { "name" : "Open Source Drupal Simple XML Sitemap <4.2.2", "product_id" : "T044874" } }, { "category" : "product_version", "name" : "Simple XML Sitemap 4.2.2", "product" : { "name" : "Open Source Drupal Simple XML Sitemap 4.2.2", "product_id" : "T044874-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:simple_xml_sitemap__4.2.2" } } }, { "category" : "product_version_range", "name" : "Enterprise MFA-TFA <4.8.0", "product" : { "name" : "Open Source Drupal Enterprise MFA-TFA <4.8.0", "product_id" : "T044875" } }, { "category" : "product_version", "name" : "Enterprise MFA-TFA 4.8.0", "product" : { "name" : "Open Source Drupal Enterprise MFA-TFA 4.8.0", "product_id" : "T044875-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:enterprise_mfa_-_tfa__4.8.0" } } }, { "category" : "product_version_range", "name" : "Enterprise MFA-TFA <5.2.1", "product" : { "name" : "Open Source Drupal Enterprise MFA-TFA <5.2.1", "product_id" : "T044876" } }, { "category" : "product_version", "name" : "Enterprise MFA-TFA 5.2.1", "product" : { "name" : "Open Source Drupal Enterprise MFA-TFA 5.2.1", "product_id" : "T044876-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:enterprise_mfa_-_tfa__5.2.1" } } }, { "category" : "product_version_range", "name" : "CKEditor5 Youtube <1.0.3", "product" : { "name" : "Open Source Drupal CKEditor5 Youtube <1.0.3", "product_id" : "T044877" } }, { "category" : "product_version", "name" : "CKEditor5 Youtube 1.0.3", "product" : { "name" : "Open Source Drupal CKEditor5 Youtube 1.0.3", "product_id" : "T044877-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ckeditor5_youtube__1.0.3" } } }, { "category" : "product_name", "name" : "Open Source Drupal Klaro Cookie & Consent Management <3.0.7", "product" : { "name" : "Open Source Drupal Klaro Cookie & Consent Management <3.0.7", "product_id" : "T044878", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:klaro_cookie__consent_management__3.0.7" } } }, { "category" : "product_name", "name" : "Open Source Drupal Klaro Cookie & Consent Management 3.0.7", "product" : { "name" : "Open Source Drupal Klaro Cookie & Consent Management 3.0.7", "product_id" : "T044878-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:klaro_cookie__consent_management__3.0.7" } } }, { "category" : "product_version_range", "name" : "Open Social <12.3.14", "product" : { "name" : "Open Source Drupal Open Social <12.3.14", "product_id" : "T044879" } }, { "category" : "product_version", "name" : "Open Social 12.3.14", "product" : { "name" : "Open Source Drupal Open Social 12.3.14", "product_id" : "T044879-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:open_social__12.3.14" } } }, { "category" : "product_version_range", "name" : "Open Social <12.4.13", "product" : { "name" : "Open Source Drupal Open Social <12.4.13", "product_id" : "T044880" } }, { "category" : "product_version", "name" : "Open Social 12.4.13", "product" : { "name" : "Open Source Drupal Open Social 12.4.13", "product_id" : "T044880-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:open_social__12.4.13" } } }, { "category" : "product_version_range", "name" : "GLightbox <1.0.16", "product" : { "name" : "Open Source Drupal GLightbox <1.0.16", "product_id" : "T044881" } }, { "category" : "product_version", "name" : "GLightbox 1.0.16", "product" : { "name" : "Open Source Drupal GLightbox 1.0.16", "product_id" : "T044881-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:glightbox__1.0.16" } } }, { "category" : "product_version_range", "name" : "Toc.js <3.2.1", "product" : { "name" : "Open Source Drupal Toc.js <3.2.1", "product_id" : "T044882" } }, { "category" : "product_version", "name" : "Toc.js 3.2.1", "product" : { "name" : "Open Source Drupal Toc.js 3.2.1", "product_id" : "T044882-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:toc.js__3.2.1" } } } ], "category" : "product_name", "name" : "Drupal" } ], "category" : "vendor", "name" : "Open Source" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2025-48921", "product_status" : { "known_affected" : [ "T044874", "T044873", "T044878", "T044877", "T044879", "T044881", "T044880", "T044882" ] }, "release_date" : "2025-06-25T22:00:00.000+00:00", "title" : "CVE-2025-48921" }, { "cve" : "CVE-2025-48922", "product_status" : { "known_affected" : [ "T044874", "T044873", "T044878", "T044877", "T044879", "T044881", "T044880", "T044882" ] }, "release_date" : "2025-06-25T22:00:00.000+00:00", "title" : "CVE-2025-48922" }, { "cve" : "CVE-2025-48923", "product_status" : { "known_affected" : [ "T044874", "T044873", "T044878", "T044877", "T044879", "T044881", "T044880", "T044882" ] }, "release_date" : "2025-06-25T22:00:00.000+00:00", "title" : "CVE-2025-48923" }, { "cve" : "CVE-2025-5682", "product_status" : { "known_affected" : [ "T044874", "T044873", "T044878", "T044877", "T044879", "T044881", "T044880", "T044882" ] }, "release_date" : "2025-06-25T22:00:00.000+00:00", "title" : "CVE-2025-5682" }, { "cve" : "CVE-2025-6674", "product_status" : { "known_affected" : [ "T044874", "T044873", "T044878", "T044877", "T044879", "T044881", "T044880", "T044882" ] }, "release_date" : "2025-06-25T22:00:00.000+00:00", "title" : "CVE-2025-6674" }, { "cve" : "CVE-2025-6676", "product_status" : { "known_affected" : [ "T044874", "T044873", "T044878", "T044877", "T044879", "T044881", "T044880", "T044882" ] }, "release_date" : "2025-06-25T22:00:00.000+00:00", "title" : "CVE-2025-6676" }, { "cve" : "CVE-2025-6677", "product_status" : { "known_affected" : [ "T044874", "T044873", "T044878", "T044877", "T044879", "T044881", "T044880", "T044882" ] }, "release_date" : "2025-06-25T22:00:00.000+00:00", "title" : "CVE-2025-6677" }, { "cve" : "CVE-2025-6675", "product_status" : { "known_affected" : [ "T044876", "T044875" ] }, "release_date" : "2025-06-25T22:00:00.000+00:00", "title" : "CVE-2025-6675" } ] }