{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Drupal ist ein freies Content-Management-System, basierend auf der Scriptsprache PHP und einer SQL-Datenbank. Über zahlreiche Extensions kann der Funktionsumfang der Core-Installation individuell erweitert werden.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Drupal ausnutzen, um Cross-Site-Scripting-Angriffe zu starten, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen offenzulegen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2025-2733 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2733.json" }, { "category" : "self", "summary" : "WID-SEC-2025-2733 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2733" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-12-03", "url" : "https://www.drupal.org/sa-contrib-2025-117" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-12-03", "url" : "https://www.drupal.org/sa-contrib-2025-118" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-12-03", "url" : "https://www.drupal.org/sa-contrib-2025-119" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-12-03", "url" : "https://www.drupal.org/sa-contrib-2025-120" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-12-03", "url" : "https://www.drupal.org/sa-contrib-2025-121" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-12-03", "url" : "https://www.drupal.org/sa-contrib-2025-122" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-12-03", "url" : "https://www.drupal.org/sa-contrib-2025-123" }, { "category" : "external", "summary" : "Drupal Security Advisory vom 2025-12-03", "url" : "https://www.drupal.org/sa-contrib-2025-124" } ], "source_lang" : "en-US", "title" : "Drupal-Module: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-01-28T23:00:00.000+00:00", "generator" : { "date" : "2026-01-29T08:27:37.862+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.5.0" } }, "id" : "WID-SEC-W-2025-2733", "initial_release_date" : "2025-12-03T23:00:00.000+00:00", "revision_history" : [ { "date" : "2025-12-03T23:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2026-01-28T23:00:00.000+00:00", "number" : "2", "summary" : "Referenz(en) aufgenommen: EUVD-2025-206436, EUVD-2025-206437, EUVD-2025-206438, EUVD-2025-206439, EUVD-2025-206440, EUVD-2025-206441, EUVD-2025-206442, EUVD-2025-206435" } ], "status" : "final", "version" : "2" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "Disable Login Page <1.1.3", "product" : { "name" : "Open Source Drupal Disable Login Page <1.1.3", "product_id" : "T049055" } }, { "category" : "product_version", "name" : "Disable Login Page 1.1.3", "product" : { "name" : "Open Source Drupal Disable Login Page 1.1.3", "product_id" : "T049055-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:disable_login_page__1.1.3" } } }, { "category" : "product_version_range", "name" : "Mini Site <3.0.2", "product" : { "name" : "Open Source Drupal Mini Site <3.0.2", "product_id" : "T049056" } }, { "category" : "product_version", "name" : "Mini Site 3.0.2", "product" : { "name" : "Open Source Drupal Mini Site 3.0.2", "product_id" : "T049056-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:mini_site__3.0.2" } } }, { "category" : "product_version_range", "name" : "CKEditor 5 Premium Features <1.2.10", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features <1.2.10", "product_id" : "T049057" } }, { "category" : "product_version", "name" : "CKEditor 5 Premium Features 1.2.10", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features 1.2.10", "product_id" : "T049057-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ckeditor_5_premium_features__1.2.10" } } }, { "category" : "product_version_range", "name" : "CKEditor 5 Premium Features <1.3.6", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features <1.3.6", "product_id" : "T049058" } }, { "category" : "product_version", "name" : "CKEditor 5 Premium Features 1.3.6", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features 1.3.6", "product_id" : "T049058-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ckeditor_5_premium_features__1.3.6" } } }, { "category" : "product_version_range", "name" : "CKEditor 5 Premium Features <1.4.3", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features <1.4.3", "product_id" : "T049059" } }, { "category" : "product_version", "name" : "CKEditor 5 Premium Features 1.4.3", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features 1.4.3", "product_id" : "T049059-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ckeditor_5_premium_features__1.4.3" } } }, { "category" : "product_version_range", "name" : "CKEditor 5 Premium Features <1.5.1", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features <1.5.1", "product_id" : "T049060" } }, { "category" : "product_version", "name" : "CKEditor 5 Premium Features 1.5.1", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features 1.5.1", "product_id" : "T049060-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ckeditor_5_premium_features__1.5.1" } } }, { "category" : "product_version_range", "name" : "CKEditor 5 Premium Features <1.6.4", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features <1.6.4", "product_id" : "T049061" } }, { "category" : "product_version", "name" : "CKEditor 5 Premium Features 1.6.4", "product" : { "name" : "Open Source Drupal CKEditor 5 Premium Features 1.6.4", "product_id" : "T049061-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ckeditor_5_premium_features__1.6.4" } } }, { "category" : "product_version_range", "name" : "AI <1.0.7", "product" : { "name" : "Open Source Drupal AI <1.0.7", "product_id" : "T049062" } }, { "category" : "product_version", "name" : "AI 1.0.7", "product" : { "name" : "Open Source Drupal AI 1.0.7", "product_id" : "T049062-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ai__1.0.7" } } }, { "category" : "product_version_range", "name" : "AI <1.1.7", "product" : { "name" : "Open Source Drupal AI <1.1.7", "product_id" : "T049063" } }, { "category" : "product_version", "name" : "AI 1.1.7", "product" : { "name" : "Open Source Drupal AI 1.1.7", "product_id" : "T049063-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ai__1.1.7" } } }, { "category" : "product_version_range", "name" : "AI <1.2.4", "product" : { "name" : "Open Source Drupal AI <1.2.4", "product_id" : "T049064" } }, { "category" : "product_version", "name" : "AI 1.2.4", "product" : { "name" : "Open Source Drupal AI 1.2.4", "product_id" : "T049064-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:ai__1.2.4" } } }, { "category" : "product_version_range", "name" : "Login Time Restriction <1.0.3", "product" : { "name" : "Open Source Drupal Login Time Restriction <1.0.3", "product_id" : "T049065" } }, { "category" : "product_version", "name" : "Login Time Restriction 1.0.3", "product" : { "name" : "Open Source Drupal Login Time Restriction 1.0.3", "product_id" : "T049065-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:login_time_restriction__1.0.3" } } }, { "category" : "product_version_range", "name" : "Tagify <1.2.44", "product" : { "name" : "Open Source Drupal Tagify <1.2.44", "product_id" : "T049066" } }, { "category" : "product_version", "name" : "Tagify 1.2.44", "product" : { "name" : "Open Source Drupal Tagify 1.2.44", "product_id" : "T049066-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:tagify__1.2.44" } } }, { "category" : "product_version_range", "name" : "Entity Share <3.13.0", "product" : { "name" : "Open Source Drupal Entity Share <3.13.0", "product_id" : "T049067" } }, { "category" : "product_version", "name" : "Entity Share 3.13.0", "product" : { "name" : "Open Source Drupal Entity Share 3.13.0", "product_id" : "T049067-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:entity_share__3.13.0" } } }, { "category" : "product_version_range", "name" : "Next.js <1.6.4", "product" : { "name" : "Open Source Drupal Next.js <1.6.4", "product_id" : "T049074" } }, { "category" : "product_version", "name" : "Next.js 1.6.4", "product" : { "name" : "Open Source Drupal Next.js 1.6.4", "product_id" : "T049074-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:next.js__1.6.4" } } }, { "category" : "product_version_range", "name" : "Next.js <2.0.1", "product" : { "name" : "Open Source Drupal Next.js <2.0.1", "product_id" : "T049075" } }, { "category" : "product_version", "name" : "Next.js 2.0.1", "product" : { "name" : "Open Source Drupal Next.js 2.0.1", "product_id" : "T049075-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:drupal:drupal:next.js__2.0.1" } } } ], "category" : "product_name", "name" : "Drupal" } ], "category" : "vendor", "name" : "Open Source" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2025-13979", "product_status" : { "known_affected" : [ "T049056" ] }, "release_date" : "2025-12-03T23:00:00.000+00:00", "title" : "CVE-2025-13979" }, { "cve" : "CVE-2025-13980", "product_status" : { "known_affected" : [ "T049061", "T049060", "T049059", "T049058", "T049057" ] }, "release_date" : "2025-12-03T23:00:00.000+00:00", "title" : "CVE-2025-13980" }, { "cve" : "CVE-2025-13981", "product_status" : { "known_affected" : [ "T049062", "T049064", "T049063" ] }, "release_date" : "2025-12-03T23:00:00.000+00:00", "title" : "CVE-2025-13981" }, { "cve" : "CVE-2025-13982", "product_status" : { "known_affected" : [ "T049065" ] }, "release_date" : "2025-12-03T23:00:00.000+00:00", "title" : "CVE-2025-13982" }, { "cve" : "CVE-2025-13983", "product_status" : { "known_affected" : [ "T049066" ] }, "release_date" : "2025-12-03T23:00:00.000+00:00", "title" : "CVE-2025-13983" }, { "cve" : "CVE-2025-13984", "product_status" : { "known_affected" : [ "T049074" ] }, "release_date" : "2025-12-03T23:00:00.000+00:00", "title" : "CVE-2025-13984" }, { "cve" : "CVE-2025-13985", "product_status" : { "known_affected" : [ "T049067" ] }, "release_date" : "2025-12-03T23:00:00.000+00:00", "title" : "CVE-2025-13985" }, { "cve" : "CVE-2025-13986", "product_status" : { "known_affected" : [ "T049055" ] }, "release_date" : "2025-12-03T23:00:00.000+00:00", "title" : "CVE-2025-13986" } ] }