CVE-2025-13980

MEDIUM

Cksource Ckeditor 5 Premium Features < 1.2.10 - Authentication Bypass

Title source: rule
STIX 2.1

Description

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass.This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.

References (1)

Scores

CVSS v3 5.3
EPSS 0.0005
EPSS Percentile 16.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-288
Status published
Products (2)
cksource/ckeditor_5_premium_features 1.5.0
cksource/ckeditor_5_premium_features < 1.2.10
Published Jan 28, 2026
Tracked Since Feb 18, 2026