[Security-news] CKEditor 5 Premium Features - Moderately critical - Access bypass - SA-CONTRIB-2025-118
security-news at drupal.org
security-news at drupal.org
Wed Dec 3 18:48:10 UTC 2025
View online: https://www.drupal.org/sa-contrib-2025-118
Project: CKEditor 5 Premium Features [1]
Date: 2025-December-03
Security risk: *Moderately critical* 13 ∕ 25
AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:All [2]
Vulnerability: Access bypass
Affected versions: <1.2.10 || >=1.3.0 <1.3.6 || >=1.4.0 <1.4.3 || >=1.5.0
<1.5.1 || >=1.6.0 <1.6.4
CVE IDs: CVE-2025-13980
Description:
The module provides instant integration of the official CKEditor 5 Premium
plugins into the Drupal editor configuration.
This module has a path traversal vulnerability, which allows an access bypass
to restricted image files in the system.
This access bypass is possible for any account with a /View published
content/ permission, but the risk is mitigated by the fact that only images
can be opened.
Solution:
Install the latest version:
* If you use the 10.3 or higher or 11.x versions of Drupal core, upgrade the
module to CKEditor 5 Premium Features 1.6.4 [3].
* If you use the 10.0 to 10.2 versions of Drupal core, upgrade the module to
CKEditor 5 Premium Features 1.5.1 [4].
* If you use the 9.x version of Drupal core, upgrade the module to CKEditor
5 Premium Features 1.3.6 [5].
A fix was also released to already unsupported branches. However, we
recommend to use the latest version that works with the version of Drupal
core that you're using:
* CKEditor 5 Premium Features 1.4.3 [6].
* CKEditor 5 Premium Features 1.2.10 [7].
After the module is updated, if you are using the Export to Word or Export to
PDF plugins, please grant the /Use exporters endpoints/ permission to roles
that are allowed to use text formats with export plugins enabled.
Reported By:
* Wojciech Kukowski (salmonek) [8]
Fixed By:
* Wojciech Kukowski (salmonek) [9]
Coordinated By:
* Greg Knaddison (greggles) [10] of the Drupal Security Team
* Juraj Nemec (poker10) [11] of the Drupal Security Team
* Jess (xjm) [12] of the Drupal Security Team
------------------------------------------------------------------------------
Contribution record [13]
[1] https://www.drupal.org/project/ckeditor5_premium_features
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/ckeditor5_premium_features/releases/1.6.4
[4] https://www.drupal.org/project/ckeditor5_premium_features/releases/1.5.1
[5] https://www.drupal.org/project/ckeditor5_premium_features/releases/1.3.6
[6] https://www.drupal.org/project/ckeditor5_premium_features/releases/1.4.3
[7] https://www.drupal.org/project/ckeditor5_premium_features/releases/1.2.10
[8] https://www.drupal.org/u/salmonek
[9] https://www.drupal.org/u/salmonek
[10] https://www.drupal.org/u/greggles
[11] https://www.drupal.org/u/poker10
[12] https://www.drupal.org/u/xjm
[13]
https://new.drupal.org/contribution-record?source_link=https%3A//www.drupal.org/node/3561307
More information about the Security-news
mailing list