View online: https://www.drupal.org/sa-contrib-2025-125
Project: Acquia Content Hub [1] Date: 2025-December-10 Security risk: *Moderately critical* 11 ∕ 25 AC:Complex/A:None/CI:Some/II:None/E:Theoretical/TD:Default [2] Vulnerability: Cross-Site Request Forgery
Affected versions: <3.6.4 || >=3.7.0 <3.7.3 || >=3.8.0 <3.8.0 CVE IDs: CVE-2025-14472 Description: This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites.
The module doesn't sufficiently protect export routes from cross-site request forgery (CSRF) attacks, potentially allowing an attacker to trick an admin into exporting an unwanted entity.
Solution: Install the latest version:
* If you use Acquia Content Hub 3.6.x, upgrade to Acquia Content Hub 3.6.4 [3]. * If you use Acquia Content Hub 3.7.x, upgrade to Acquia Content Hub 3.7.3 [4]. * The latest version, Acquia Content Hub 3.8.0 [5], is also now available with both the security fix and other improvements.
Reported By: * Lee Rowlands (larowlan) [6] of the Drupal Security Team
Fixed By: * Kirti Garg (kirti_garg) [7] * Narendra Shenvi Desai (n4r3n) [8] * Peter Pajor (pajor) [9]
Coordinated By: * Greg Knaddison (greggles) [10] of the Drupal Security Team * Juraj Nemec (poker10) [11] of the Drupal Security Team * Jess (xjm) [12] of the Drupal Security Team
------------------------------------------------------------------------------ Contribution record [13]
[1] https://www.drupal.org/project/acquia_contenthub [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/acquia_contenthub/releases/3.6.4 [4] https://www.drupal.org/project/acquia_contenthub/releases/3.7.3 [5] https://www.drupal.org/project/acquia_contenthub/releases/3.8.0 [6] https://www.drupal.org/u/larowlan [7] https://www.drupal.org/u/kirti_garg [8] https://www.drupal.org/u/n4r3n [9] https://www.drupal.org/u/pajor [10] https://www.drupal.org/u/greggles [11] https://www.drupal.org/u/poker10 [12] https://www.drupal.org/u/xjm [13] https://new.drupal.org/contribution-record?source_link=https%3A//www.drupal....