What is the CVSS score of CVE-2025-14472?

CVE-2025-14472 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Acquia Content Hub are affected by CVE-2025-14472?

A critical CSRF vulnerability in Drupal Acquia Content Hub (versions before 3.6.4 and 3.7.3) allows attackers to perform unauthorized actions on behalf of authenticated users without their knowledge.. A patch is available.

How to fix or mitigate CVE-2025-14472?

Within 24 hours: Identify all systems running Acquia Content Hub and document which versions are deployed; implement WAF rules to detect and block suspicious cross-origin requests to Content Hub endpoints. Within 7 days: Apply available updates to versions 3.6.4 or 3.7.3+; if updates unavailable for your version, implement strict SameSite cookie policies and CSRF token validation at the application level. Within 30 days: Conduct security audit of Content Hub administrative activities; review access logs for suspicious cross-origin requests; implement additional network segmentation to restrict Content Hub access.

Acquia Content Hub CVE-2025-14472

HIGH

Cross-Site Request Forgery (CSRF) (CWE-352)

2026-01-28 mlhess@drupal.org

CSRF Drupal Acquia Content Hub

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 28, 2026 - 20:16 nvd

HIGH 8.1

DescriptionNVD

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

AnalysisAI

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3. [CVSS 8.1 HIGH]

Technical ContextAI

Classified as CWE-352 (Cross-Site Request Forgery (CSRF)). Affects Acquia Content Hub. Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-14472 vulnerability details – vuln.today

Back