Vulnerability in Drupal Core
CVE-2022-25275
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked o…
EPSS: 0.006 (percentile: 69.3)
Affected products
- Drupal Core — versions 9.4, 9.3, 7
Frequently asked questions
- What is CVE-2022-25275?
- CVE-2022-25275 is a vulnerability in Drupal Core. Published 2023-04-26.
- Is CVE-2022-25275 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.