What is the CVSS score of CVE-2025-14840?

CVE-2025-14840 has a contested CVSS base score of 7.5 from a third party (e.g. CISA-ADP), while the vendor rates it High. vuln.today uses the vendor rating as authoritative.

Which versions of Http Client Manager are affected by CVE-2025-14840?

Http Client Manager versions 9.3.13 and earlier contain a vulnerability that could allow attackers to exploit improper error handling, potentially leading to unauthorized access or system compromise.. A patch is available.

How to fix or mitigate CVE-2025-14840?

Within 24 hours: Inventory all systems running Http Client Manager versions up to 9.3.13 and assess whether they are internet-facing or process untrusted input. Within 7 days: Implement network segmentation to restrict access to affected components and enable enhanced logging/monitoring for suspicious activity. Within 30 days: Contact the vendor for patch availability; establish a deployment plan to upgrade to patched versions once released, or pursue permanent decommissioning of the affected component.

Http Client Manager CVE-2025-14840

HIGH

Improper Check for Unusual or Exceptional Conditions (CWE-754)

2026-01-28 mlhess@drupal.org

Drupal Http Client Manager Red Hat

High

Disputed · 7.5 NVD

Severity by source

Sources disagree (Low–High)

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Red Hat

2.2 LOW

qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 28, 2026 - 20:16 nvd

HIGH 7.5

DescriptionCVE.org

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.

AnalysisAI

Http Client Manager versions up to 9.3.13 is affected by improper check for unusual or exceptional conditions (CVSS 7.5).

Technical ContextAI

This vulnerability (CWE-754: Improper Check for Unusual or Exceptional Conditions) affects Http Client Manager. Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Vendor StatusVendor

CVE-2025-14840 vulnerability details – vuln.today

Back

Http Client Manager CVE-2025-14840

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Share

External POC / Exploit Code