Search criteria

1 vulnerability by reverse_proxy_header_project

CVE-2025-10929 (GCVE-0-2025-10929)

Vulnerability from cvelistv5 – Published: 2025-10-29 23:14 – Updated: 2025-10-30 13:31
VLAI?
Title
Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111
Summary
Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
  • CWE-1288 - Improper Validation of Consistency within Input
Assigner
References
Impacted products
Vendor Product Version
Drupal Reverse Proxy Header Affected: 0.0.0 , < 1.1.2 (semver)
Create a notification for this product.
Credits
Pierre Rudloff (prudloff) Bohdan Artemchuk (bohart) Drew Webber (mcdruid) Pierre Rudloff (prudloff) Greg Knaddison (greggles) Juraj Nemec (poker10) Pierre Rudloff (prudloff)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-10929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-30T13:31:45.484329Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-30T13:31:48.665Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/reverse_proxy_header",
          "defaultStatus": "unaffected",
          "product": "Reverse Proxy Header",
          "repo": "https://git.drupalcode.org/project/reverse_proxy_header",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "1.1.2",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Rudloff (prudloff)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Bohdan Artemchuk (bohart)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Drew Webber (mcdruid)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Pierre Rudloff (prudloff)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison (greggles)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec (poker10)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Pierre Rudloff (prudloff)"
        }
      ],
      "datePublic": "2025-09-24T17:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.\u003cp\u003eThis issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2.\u003c/p\u003e"
            }
          ],
          "value": "Improper Validation of Consistency within Input vulnerability in Drupal Reverse Proxy Header allows Manipulating User-Controlled Variables.This issue affects Reverse Proxy Header: from 0.0.0 before 1.1.2."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-77",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-77 Manipulating User-Controlled Variables"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1288",
              "description": "CWE-1288 Improper Validation of Consistency within Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T23:14:07.047Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2025-111"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Reverse Proxy Header - Less critical - Access bypass - SA-CONTRIB-2025-111",
      "x_generator": {
        "engine": "Vulnogram 0.4.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2025-10929",
    "datePublished": "2025-10-29T23:14:07.047Z",
    "dateReserved": "2025-09-24T16:53:13.156Z",
    "dateUpdated": "2025-10-30T13:31:48.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}