πŸ” CVE Alert

CVE-2025-9551

MEDIUM 6.5

Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101

CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
15th

Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0, from 7.X-1.0 before 7.X-2.5.

CWE CWE-307
Vendor drupal
Product protected pages
Ecosystems
Industries
WebMedia
Published Oct 10, 2025
Last Updated Mar 26, 2026
Stay Ahead of the Next One

Get instant alerts for drupal protected pages

Be the first to know when new medium vulnerabilities affecting drupal protected pages are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Drupal / Protected Pages
0.0.0 < 1.8.0 7.x-1.0 < 7.x-2.5

References

NVD β†— CVE.org β†— EPSS Data β†—
drupal.org: https://www.drupal.org/sa-contrib-2025-101 docs.herodevs.com: https://docs.herodevs.com/drupal/release-notes/protected-pages d7es.tag1.com: https://d7es.tag1.com/security-advisories/protected-pages-moderately-critical-access-bypass-sa-contrib-2025-101

Credits

Pierre Rudloff (prudloff) Oksana Cyrwus (oksana-c) Ra MΓ€nd (ram4nd) Benji Fisher (benjifisher) Damien McKenna (damienmckenna) Greg Knaddison (greggles) Drew Webber (mcdruid) Juraj Nemec (poker10)