CVE-2025-14472

8.1 HIGH

📋 TL;DR

This CSRF vulnerability in Drupal Acquia Content Hub allows attackers to trick authenticated administrators into performing unintended actions by crafting malicious requests. It affects all Drupal sites using Acquia Content Hub modules within specified vulnerable version ranges.

💻 Affected Systems

Products:
  • Drupal Acquia Content Hub
Versions: 0.0.0 to 3.6.3, 3.7.0 to 3.7.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires an authenticated administrator to be tricked into issuing the request. Drupal sites using vulnerable Acquia Content Hub modules are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify content hub configurations, disrupt content synchronization, or potentially chain with other vulnerabilities for further compromise.

🟠 Likely Case

Unauthorized changes to content hub settings, disruption of content distribution between sites, or data integrity issues.

🟢 If Mitigated

Limited impact with proper CSRF protections, same-origin policies, and administrative access controls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks typically require social engineering to trick authenticated users. No public exploit code identified in advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.4 or 3.7.3

Vendor Advisory: https://www.drupal.org/sa-contrib-2025-125

Restart Required: No

Instructions:

1. Update Acquia Content Hub module to version 3.6.4 (for 3.6.x branch) or 3.7.3 (for 3.7.x branch).
2. Clear Drupal caches.
3. Verify module functionality post-update.

🔧 Temporary Workarounds

CSRF Token Validation

all

Implement custom CSRF token validation for Content Hub endpoints

Implement custom form validation hooks in Drupal

Access Restriction

all

Restrict administrative access to Content Hub interfaces

Configure Drupal permissions to limit Content Hub access

🧯 If You Can't Patch

  • Implement strict same-origin policies and CORS restrictions
  • Use browser extensions that block CSRF attempts and monitor administrative sessions

🔍 How to Verify

Check if Vulnerable:

Check Acquia Content Hub module version in Drupal admin at /admin/modules or via drush: drush pm-list | grep acquia_content_hub

Check Version:

drush pm-list --fields=name,version | grep acquia_content_hub

Verify Fix Applied:

Confirm module version is 3.6.4 or higher (3.6.x branch) or 3.7.3 or higher (3.7.x branch)

📡 Detection & Monitoring

Log Indicators:

  • Unexpected POST requests to /admin/config/services/acquia-content-hub endpoints
  • Multiple failed CSRF token validations

Network Indicators:

  • Cross-origin requests to administrative endpoints without referrer validation

SIEM Query:

source="drupal" AND (uri_path="/admin/config/services/acquia-content-hub" OR module="acquia_content_hub") AND http_method="POST"
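
Added example (not part of the advisory or the module's code): a small triage script that applies the log and network indicators above to web server access logs, flagging POST requests to the Content Hub admin path whose Referer is missing or points to another host. The combined log format, the site host name cms.example.org and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Path taken from the advisory's log indicators.
ADMIN_PREFIX = "/admin/config/services/acquia-content-hub"
# Assumption: the Drupal site's own host name (hypothetical value).
SITE_HOST = "cms.example.org"

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line, site_host=SITE_HOST):
    """Return a finding dict for a suspicious line, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    path = urlsplit(m["target"]).path
    if path != ADMIN_PREFIX and not path.startswith(ADMIN_PREFIX + "/"):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        reason = "missing-referer"
    elif (urlsplit(referer).hostname or "").lower() == site_host.lower():
        return None  # same-host form submission: expected admin activity
    else:
        # Exact host comparison, so a host that merely starts with the
        # site name is still treated as foreign.
        reason = "cross-origin-referer"
    return {"ts": m["ts"], "ip": m["ip"], "path": path,
            "status": int(m["status"]), "reason": reason, "referer": referer}

def scan(lines, site_host=SITE_HOST):
    """Classify every line and keep only the findings."""
    return [f for f in (classify(l.rstrip("\n"), site_host) for l in lines) if f]

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.10 - admin [10/Dec/2025:09:14:02 +0000] "POST /admin/config/services/acquia-content-hub HTTP/1.1" 303 512 "https://cms.example.org/admin/config/services/acquia-content-hub" "Mozilla/5.0"',
    '203.0.113.10 - admin [10/Dec/2025:09:20:41 +0000] "POST /admin/config/services/acquia-content-hub HTTP/1.1" 303 498 "https://news.example.net/article" "Mozilla/5.0"',
    '203.0.113.10 - admin [10/Dec/2025:09:21:05 +0000] "POST /admin/config/services/acquia-content-hub HTTP/1.1" 303 498 "-" "Mozilla/5.0"',
    '203.0.113.10 - admin [10/Dec/2025:09:22:10 +0000] "GET /admin/config/services/acquia-content-hub HTTP/1.1" 200 8121 "https://news.example.net/article" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2025:09:23:44 +0000] "POST /user/login HTTP/1.1" 303 410 "https://news.example.net/article" "Mozilla/5.0"',
    '203.0.113.10 - admin [10/Dec/2025:09:25:30 +0000] "POST /admin/config/services/acquia-content-hub HTTP/1.1" 303 498 "https://cms.example.org.example.net/page" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A missing Referer also occurs with strict referrer policies or privacy tooling, so treat those hits as leads to correlate with configuration changes rather than as confirmed CSRF.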
