Vulnerability Description
In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entities that do not use or do not have UUIDs, and entities that have different access restrictions on different revisions of the same entity.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Drupal | Drupal | >= 8.0.0, < 8.3.7 |
References
- http://www.securityfocus.com/bid/100368Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039200Third Party AdvisoryVDB Entry
- https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/201MitigationVendor Advisory
- http://www.securityfocus.com/bid/100368Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039200Third Party AdvisoryVDB Entry
- https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/201MitigationVendor Advisory
FAQ
What is CVE-2017-6925?
CVE-2017-6925 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability in the entity access system that could allow unwanted access to view, create, update, or delete entities. This only affects entiti...
How severe is CVE-2017-6925?
CVE-2017-6925 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-6925?
Check the references section above for vendor advisories and patch information. Affected products include: Drupal Drupal.