Cyber Resilience

CVE-2025-14472

High

Published: 28 January 2026

Published
28 January 2026
Modified
06 February 2026
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score 0.0013 3.0th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-14472 is a high-severity CSRF (CWE-352) vulnerability in Acquia Acquia Content Hub. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 3.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-14472 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the Acquia Content Hub module for Drupal. It affects Acquia Content Hub versions from 0.0.0 before 3.6.4 and from 3.7.0 before 3.7.3. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N), indicating high severity due to network accessibility, low attack complexity, no required privileges, and user interaction.

Attackers can exploit this CSRF flaw remotely without authentication by crafting malicious web content, such as a webpage, image, or link, that triggers unauthorized requests from a victim's browser to the vulnerable Drupal site. This requires the victim to be an authenticated user with a session active. Successful exploitation enables high confidentiality and integrity impacts, allowing attackers to perform state-changing actions on behalf of the user, such as data exfiltration or unauthorized modifications.

The Drupal security advisory at https://www.drupal.org/sa-contrib-2025-125 details the issue. Mitigation requires updating Acquia Content Hub to version 3.6.4 or later in the 3.x series, or 3.7.3 or later in the 3.7.x series.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

CSRF vulnerability in public-facing Drupal web module directly enables exploitation of the application over the network with user interaction to perform unauthorized state changes.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-3105Same vendor: Acquia
CVE-2025-23467Shared CWE-352
CVE-2018-25170Shared CWE-352
CVE-2025-22336Shared CWE-352
CVE-2025-23821Shared CWE-352
CVE-2025-22582Shared CWE-352
CVE-2025-23639Shared CWE-352
CVE-2024-50858Shared CWE-352
CVE-2025-23558Shared CWE-352
CVE-2026-6455Shared CWE-352

Affected Assets

acquia
acquia content hub
≤ 3.6.4 · 3.7.0 — 3.7.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CSRF by requiring mechanisms such as synchronizer tokens or origin checks to protect the authenticity of communications sessions.

prevent

Ensures timely remediation of the specific CSRF vulnerability in Acquia Content Hub by applying patches to fixed versions 3.6.4 or 3.7.3.

prevent

Addresses CSRF by validating information inputs like referer headers or request origins to reject forged state-changing requests.

References