CVE-2025-13980
BaseFortify
Publication date: 2026-01-28
Last updated on: 2026-02-12
Assigner: Drupal.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cksource | ckeditor_5_premium_features | to 1.2.10 (exc) |
| cksource | ckeditor_5_premium_features | From 1.3.0 (inc) to 1.3.6 (exc) |
| cksource | ckeditor_5_premium_features | From 1.4.0 (inc) to 1.4.3 (exc) |
| cksource | ckeditor_5_premium_features | From 1.6.0 (inc) to 1.6.4 (exc) |
| cksource | ckeditor_5_premium_features | 1.5.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Authentication Bypass Using an Alternate Path or Channel in Drupal CKEditor 5 Premium Features. It allows an attacker to bypass normal authentication mechanisms, potentially gaining unauthorized access to functionality that should be restricted.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized users to bypass authentication controls, which may lead to unauthorized access to sensitive features or data within the Drupal CKEditor 5 Premium Features. This could result in data exposure, unauthorized changes, or other security breaches.