{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "8.0.0" }, { "fixed": "10.4.9" }, { "introduced": "10.5.0" }, { "fixed": "10.5.6" }, { "introduced": "11.0.0" }, { "fixed": "11.1.9" }, { "introduced": "11.2.0" }, { "fixed": "11.2.8" } ] }, "events": [ { "introduced": "35c2f3ca5c935f3d8bde15932a712677c9bbd50f" }, { "fixed": "4507fabeab72c8290872f66b1a1a395bd91585ae" }, { "introduced": "d4b39f784711f3b861d59c37ec8e9f5592b623ce" }, { "fixed": "3f202596d6935bc6915f08b6a1c60e733600d3c1" }, { "introduced": "140f94ff1051644c4416c7ed30cc5dd1f14507b2" }, { "fixed": "5d83fa7b4b4eda5971085af5d5ff00811016376a" }, { "introduced": "338d58439d5b59d92ac9519ad81ffd916b673841" }, { "fixed": "f8bdd0862798ad59a8ebf87fb1df69642b799f5a" } ], "repo": "https://github.com/drupal/drupal", "type": "GIT" } ] } ], "details": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.", "id": "CVE-2025-13080", "modified": "2026-03-10T21:50:08.009400560Z", "published": "2025-11-18T17:15:58.813Z", "references": [ { "type": "ADVISORY", "url": "https://www.drupal.org/sa-core-2025-005" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "type": "CVSS_V3" } ] }