
    1 vulnerability by layout_builder_advanced_permissions_project

    CVE-2025-8996 (GCVE-0-2025-8996)

    Vulnerability from cvelistv5 – Published: 2025-08-15 16:27 – Updated: 2025-08-15 16:41
    Title
    Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097
    Summary
    Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing. This issue affects Layout Builder Advanced Permissions: from 0.0.0 up to, but not including, 2.2.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE: CWE-862 Missing Authorization
    Assigner: drupal
    References: https://www.drupal.org/sa-contrib-2025-097
    Impacted products
    Vendor Product Version
    Drupal Layout Builder Advanced Permissions Affected: >= 0.0.0, < 2.2.0 (semver)
    Date Public
    2025-08-13 17:33
    Credits
    Finders: Eelke Blok (eelkeblok), Michael Whittaker (mrwhittaker). Remediation developers: Eelke Blok (eelkeblok), Sorin Dediu (sdstyles), Sean Blommaert (seanb). Coordinators: Anna Kalata (akalata), Damien McKenna (damienmckenna), Greg Knaddison (greggles), Juraj Nemec (poker10), Cathy Theys (yesct).

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-8996",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-15T16:40:39.339474Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-15T16:41:33.912Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://www.drupal.org/project/layout_builder_perms",
              "defaultStatus": "unaffected",
              "product": "Layout Builder Advanced Permissions",
              "repo": "https://git.drupalcode.org/project/layout_builder_perms",
              "vendor": "Drupal",
              "versions": [
                {
                  "lessThan": "2.2.0",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Eelke Blok (eelkeblok)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Michael Whittaker (mrwhittaker)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Eelke Blok (eelkeblok)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Sorin Dediu (sdstyles)"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Sean Blommaert (seanb)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Anna Kalata (akalata)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Damien McKenna (damienmckenna)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Greg Knaddison (greggles)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Juraj Nemec (poker10)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Cathy Theys (yesct)"
            }
          ],
          "datePublic": "2025-08-13T17:33:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.\u003cp\u003eThis issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Drupal Layout Builder Advanced Permissions allows Forceful Browsing.This issue affects Layout Builder Advanced Permissions: from 0.0.0 before 2.2.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-87",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-87 Forceful Browsing"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-15T16:27:53.342Z",
            "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
            "shortName": "drupal"
          },
          "references": [
            {
              "url": "https://www.drupal.org/sa-contrib-2025-097"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Layout Builder Advanced Permissions - Moderately critical - Access bypass - SA-CONTRIB-2025-097",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "assignerShortName": "drupal",
        "cveId": "CVE-2025-8996",
        "datePublished": "2025-08-15T16:27:53.342Z",
        "dateReserved": "2025-08-13T17:30:32.002Z",
        "dateUpdated": "2025-08-15T16:41:33.912Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }