CVE-2025-11570
BaseFortify

Publication date: 2025-10-10

Last updated on: 2026-04-29

Assigner: Snyk

Description
Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data. **Note:** This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Pattern Lab. The package drupal-pattern-lab/unified-twig-extensions is unmaintained; the fix for this issue exists in version 1.1.1 of [drupal/unified_twig_ext](https://www.drupal.org/project/unified_twig_ext).
Meta Information
Published: 2025-10-10
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-10-10
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor   Product            Version / Range
drupal   pattern_lab        0.0.0
drupal   unified_twig_ext   1.1.1
CWE
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-11570 is a Cross-site Scripting (XSS) vulnerability in the drupal-pattern-lab/unified-twig-extensions package. It occurs due to insufficient filtering and escaping of user input data, allowing malicious scripts to be injected and executed in users' browsers. This vulnerability is exploitable only if the code is executed outside of Drupal, as the affected function is intended to be shared between Drupal and Pattern Lab. The issue arises because example code included in the module does not adequately sanitize data, which can lead to XSS attacks if copied into a site's theme. [1, 2]


How can this vulnerability impact me?

This vulnerability can allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking, exposure of sensitive information, unauthorized access, and malware delivery. The impact on confidentiality and integrity is low but present, while availability is not affected. Exploitation requires network access, low privileges, and user interaction. The risk is mitigated somewhat because exploitation requires the vulnerable example code to be copied into a site's theme and executed outside of Drupal. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves identifying usage of vulnerable versions of the drupal-pattern-lab/unified-twig-extensions package and checking for unsanitized Twig template code that could lead to XSS. You can scan your codebase for instances of the vulnerable Twig function usage, such as searching for patterns like `{{ link('<script>alert(`XSS`);</script>', 'bar', '') }}` or other unsanitized inputs in Twig templates. Additionally, monitoring web traffic for reflected or stored XSS payloads may help detect exploitation attempts. Specific commands could include using grep or similar tools to search for suspicious Twig template code, for example: `grep -r '{{ link(' path/to/your/theme/` or scanning HTTP logs for suspicious script injection patterns. However, no explicit detection commands are provided in the resources. [2, 1]
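The answer above suggests two checks: whether the unmaintained package is installed, and whether theme templates call the Twig `link()` function. The following is an added example (not code from the BaseFortify page, from Snyk, or from the unified-twig-extensions project) that automates both checks offline. It assumes a Composer-managed Drupal project (composer.lock as its dependency inventory) and treats any installed version as a finding, since the advisory says every version from 0.0.0 is affected. The composer.lock contents and the template files are constructed sample data, and the `title`/`url` variables in the sample template are hypothetical.

```python
"""Defender-side scanner for CVE-2025-11570 indicators (added example).

Two checks:
  1. Is drupal-pattern-lab/unified-twig-extensions present in composer.lock?
  2. Do any *.twig templates invoke the link() function the advisory mentions?
"""
import json
import re
from typing import Dict, List, Optional, Tuple

# Package named in the advisory; unmaintained, every version from 0.0.0 affected.
VULN_PACKAGE = "drupal-pattern-lab/unified-twig-extensions"

# Matches "{{ link(" and the whitespace-control form "{{- link(".
LINK_CALL = re.compile(r"\{\{-?\s*link\s*\(")


def find_vulnerable_package(lock_text: str) -> Optional[str]:
    """Return the installed version if the package appears in composer.lock
    (in either "packages" or "packages-dev"), otherwise None."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == VULN_PACKAGE:
                return pkg.get("version", "unknown")
    return None


def scan_template(template_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, stripped_line) for every line calling link()."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        if LINK_CALL.search(line):
            hits.append((lineno, line.strip()))
    return hits


def scan_theme(files: Dict[str, str]) -> Dict[str, List[Tuple[int, str]]]:
    """Scan a mapping of path -> file contents; only *.twig files count,
    so the same text inside a README does not produce a false positive."""
    findings: Dict[str, List[Tuple[int, str]]] = {}
    for path, text in files.items():
        if not path.endswith(".twig"):
            continue
        hits = scan_template(text)
        if hits:
            findings[path] = hits
    return findings


# Constructed sample composer.lock (not a real lock file).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "twig/twig", "version": "v3.0.0"},
        {"name": VULN_PACKAGE, "version": "0.1.0"},
    ],
    "packages-dev": [],
})

# Constructed sample theme files; `title` and `url` are hypothetical variables.
SAMPLE_THEME = {
    "templates/card.html.twig": "<div class=\"card\">\n  {{ link(title, url, '') }}\n</div>\n",
    "templates/footer.html.twig": "<footer>{{ site_name }}</footer>\n",
    "README.md": "{{ link( appears here only as documentation\n",
}


if __name__ == "__main__":
    version = find_vulnerable_package(SAMPLE_LOCK)
    if version:
        print(f"FINDING: {VULN_PACKAGE} {version} is installed (unmaintained; all versions affected)")
    for path, hits in scan_theme(SAMPLE_THEME).items():
        for lineno, line in hits:
            print(f"REVIEW: {path}:{lineno}: {line}")
```

A hit from `scan_theme` is a review item rather than proof of exploitability: the advisory notes the function is only a problem when executed outside Drupal, so each flagged call should be checked against whether the template is rendered by Pattern Lab or another standalone Twig runtime.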


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading to Unified Twig Extensions version 1.1.1 or later, where the vulnerability is fixed. If upgrading is not immediately possible, ensure that any example code from the vulnerable package is not copied into your site's theme, as exploitation requires such usage. Additionally, sanitize and validate all user inputs, escape special characters in templates, enforce Content Security Policies (CSP), disable client-side scripts where feasible, and review your Twig templates for unsafe code. Contacting the Drupal Security Team for further guidance is also recommended. [1, 2]

