CVE-2025-13980 - Vulnerability Details - OpenCVE

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Ckeditor	Ckeditor Ckeditor 5

No data.

No data.

References

Link	Providers
https://www.spirityenterprise.com/virtual-ciso
https://www.drupal.org/sa-contrib-2025-118

History

Thu, 29 Jan 2026 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 29 Jan 2026 10:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ckeditor Ckeditor ckeditor Ckeditor ckeditor 5
Vendors & Products		Ckeditor Ckeditor ckeditor Ckeditor ckeditor 5

Wed, 28 Jan 2026 20:15:00 +0000

Type	Values Removed	Values Added
Description		Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.
Title		CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118
Weaknesses		CWE-288
References		https://www.drupal.org/sa-contrib-2025-118

MITRE

Status: PUBLISHED

Assigner: drupal

Published: 2026-01-28T20:01:16.894Z

Updated: 2026-01-29T17:11:46.810Z

Reserved: 2025-12-03T17:04:19.606Z

Link: CVE-2025-13980

Vulnrichment

Updated: 2026-01-29T17:11:43.896Z

NVD

Status : Awaiting Analysis

Published: 2026-01-28T20:16:07.260

Modified: 2026-01-29T18:16:06.820

Link: CVE-2025-13980

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13980", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2025-12-03T17:04:19.606Z", "datePublished": "2026-01-28T20:01:16.894Z", "dateUpdated": "2026-01-29T17:11:46.810Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.drupal.org/project/ckeditor5_premium_features", "defaultStatus": "unaffected", "product": "CKEditor 5 Premium Features", "repo": "https://git.drupalcode.org/project/ckeditor5_premium_features", "vendor": "Drupal", "versions": [{"lessThan": "1.2.10", "status": "affected", "version": "0.0.0", "versionType": "semver"}, {"lessThan": "1.3.6", "status": "affected", "version": "1.3.0", "versionType": "semver"}, {"lessThan": "1.4.3", "status": "affected", "version": "1.4.0", "versionType": "semver"}, {"lessThan": "1.5.1", "status": "affected", "version": "1.5.0", "versionType": "semver"}, {"lessThan": "1.6.4", "status": "affected", "version": "1.6.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Wojciech Kukowski (salmonek)"}, {"lang": "en", "type": "remediation developer", "value": "Wojciech Kukowski (salmonek)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "datePublic": "2025-12-03T18:48:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.<p>This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.</p>"}], "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4."}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-01-28T20:01:16.894Z"}, "references": [{"url": "https://www.drupal.org/sa-contrib-2025-118"}], "source": {"discovery": "UNKNOWN"}, "title": "CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-29T17:11:20.684032Z", "id": "CVE-2025-13980", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T17:11:46.810Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-13980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-29T17:11:20.684032Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T17:11:43.896Z"}}], "cna": {"title": "CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Wojciech Kukowski (salmonek)"}, {"lang": "en", "type": "remediation developer", "value": "Wojciech Kukowski (salmonek)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/ckeditor5_premium_features", "vendor": "Drupal", "product": "CKEditor 5 Premium Features", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.2.10", "versionType": "semver"}, {"status": "affected", "version": "1.3.0", "lessThan": "1.3.6", "versionType": "semver"}, {"status": "affected", "version": "1.4.0", "lessThan": "1.4.3", "versionType": "semver"}, {"status": "affected", "version": "1.5.0", "lessThan": "1.5.1", "versionType": "semver"}, {"status": "affected", "version": "1.6.0", "lessThan": "1.6.4", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/ckeditor5_premium_features", "defaultStatus": "unaffected"}], "datePublic": "2025-12-03T18:48:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2025-118"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.", "supportingMedia": [{"type": "text/html", "value": "Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.<p>This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-01-28T20:01:16.894Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13980", "state": "PUBLISHED", "dateUpdated": "2026-01-29T17:11:46.810Z", "dateReserved": "2025-12-03T17:04:19.606Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2026-01-28T20:01:16.894Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}