CVE-2025-13980
MEDIUM
CKEditor 5 Premium Features < 1.2.10, 1.3.0-1.3.5, 1.4.0-1.4.2, 1.5.0, 1.6.0-1.6.3 - Authentication Bypass
Title source: llm
Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal CKEditor 5 Premium Features allows Functionality Bypass. This issue affects CKEditor 5 Premium Features: from 0.0.0 before 1.2.10, from 1.3.0 before 1.3.6, from 1.4.0 before 1.4.3, from 1.5.0 before 1.5.1, from 1.6.0 before 1.6.4.
References (1)
Core References
Vendor Advisory
https://www.drupal.org/sa-contrib-2025-118
Scores
CVSS v3
5.3
EPSS
0.0023
EPSS Percentile
14.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-288
Status
published
Products (2)
cksource/ckeditor_5_premium_features
1.5.0
cksource/ckeditor_5_premium_features
< 1.2.10
Published
Jan 28, 2026
Tracked Since
Feb 18, 2026