cvedb.io
CVE-2022-25278
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2023-04-26T15:15:08.747 · Last modified 2026-06-17T04:33:19.680

Summary

Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.

Affected products

drupal — drupal

Does this affect you?

Add your gear to cvedb and we'll alert you only when drupal ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.