cvedb.io
CVE-2022-25271
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-02-16T23:15:11.253 · Last modified 2026-06-17T04:33:18.843

Summary

Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.

Affected products

drupal — drupal

Does this affect you?

Add your gear to cvedb and we'll alert you only when drupal ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.