CVE-2025-13081 | Drupal up to 10.4.8/10.5.5/11.1.8/11.2.7 Object Attribute dynamically-determined object attributes (sa-core-2025-006)

A vulnerability was found in Drupal up to 10.4.8/10.5.5/11.1.8/11.2.7. It has been classified as problematic. Affected by this vulnerability is an unknown functionality of the component Object Attribute Handler. This manipulation causes dynamically-determined object attributes.

This vulnerability is tracked as CVE-2025-13081. The attack is only possible within the local network. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More