CVE-2025-48914
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Drupal COOKiES Consent Management module, which could then execute in users' browsers. It affects all Drupal sites running COOKiES Consent Management module versions before 1.2.15. Attackers could steal session cookies, redirect users, or perform actions on their behalf.
💻 Affected Systems
- Drupal COOKiES Consent Management module
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full control of the Drupal site, and potentially compromise the entire server infrastructure.
Likely Case
Attackers steal user session cookies, perform unauthorized actions as authenticated users, and potentially access sensitive user data.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before reaching users' browsers.
🎯 Exploit Status
XSS vulnerabilities typically have low exploitation complexity once the injection point is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.15
Vendor Advisory: https://www.drupal.org/sa-contrib-2025-075
Restart Required: No
Instructions:
1. Log into the Drupal admin panel.
2. Navigate to Extend > Update.
3. Update the COOKiES Consent Management module to version 1.2.15.
4. Clear Drupal caches.
🔧 Temporary Workarounds
Disable COOKiES Consent Management module
Temporarily uninstall the vulnerable module until patching is possible. Drupal 8 and later have no "disabled" state for modules, so the module is uninstalled rather than disabled; export configuration first (drush config:export), because uninstalling removes the module's configuration.
drush pm:uninstall cookies_consent_management
Implement Content Security Policy
Add CSP headers to restrict script execution sources
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or configure in web server settings. This policy blocks inline scripts as well as scripts from other origins, so test it against the site's legitimate inline JavaScript (many Drupal modules and themes add some) before enforcing; Content-Security-Policy-Report-Only can be used to trial the policy without breaking pages.
🧯 If You Can't Patch
- Implement web application firewall rules to block XSS payloads
- Enable Drupal's built-in XSS protection filters and input validation
🔍 How to Verify
Check if Vulnerable:
Check whether the module is installed in the Drupal admin panel at /admin/modules, or run: drush pm:list | grep cookies_consent_management
Check Version:
drush pm:list --fields=name,version | grep cookies_consent_management
Verify Fix Applied:
Verify the module version is 1.2.15 or higher: drush pm:list --fields=name,version | grep cookies_consent_management
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to cookie consent endpoints
- Requests containing script tags or JavaScript in parameters
Network Indicators:
- HTTP requests with suspicious parameters like <script>, javascript:, or encoded payloads
SIEM Query:
web_requests WHERE (url CONTAINS 'cookies_consent' OR url CONTAINS 'cookie_consent') AND (parameters CONTAINS '<script' OR parameters CONTAINS 'javascript:' OR parameters CONTAINS '%3Cscript')
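The log indicators and the SIEM pseudo-query above, applied as a small offline detector over web-server access-log lines. This is an added example, not part of the advisory or of the module's own code: the endpoint markers (cookies_consent, cookie_consent) and payload markers (<script, javascript:, %3Cscript) are taken from the SIEM query; the log lines, IP addresses and paths are constructed, and decoding the URL twice to catch double-encoded payloads is an assumption beyond what the advisory states.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/NGINX "combined" log format.
# None of these came from a real site; the last line is double-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jun/2025:10:00:01 +0000] "GET /cookies_consent/config?lang=en HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jun/2025:10:00:02 +0000] "GET /cookies_consent/config?title=%3Cscript%3E%3C/script%3E HTTP/1.1" 200 312 "-" "curl/8.0"
203.0.113.9 - - [01/Jun/2025:10:00:03 +0000] "POST /cookie_consent/save?redirect=javascript:void(0) HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Jun/2025:10:00:04 +0000] "GET /node/1?q=%3Cscript%3E HTTP/1.1" 200 100 "-" "Mozilla/5.0"
203.0.113.13 - - [01/Jun/2025:10:00:05 +0000] "GET /cookie_consent/save?theme=%253Cscript%253E HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""

# Combined-format prefix: client IP, timestamp, method, URL, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers lifted from the advisory's SIEM query. '%3Cscript' is covered
# by URL-decoding rather than listed separately.
ENDPOINT_MARKERS = ("cookies_consent", "cookie_consent")
PAYLOAD_MARKERS = ("<script", "javascript:")


def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def decode_variants(text, rounds=2):
    """Return the raw text plus up to `rounds` successive URL-decodings.

    Checking every variant catches plain, encoded and double-encoded payloads
    (assumed depth of two; raise `rounds` if your logs show deeper nesting).
    """
    variants = [text]
    for _ in range(rounds):
        decoded = unquote(variants[-1])
        if decoded == variants[-1]:
            break
        variants.append(decoded)
    return variants


def classify(entry):
    """Return the indicator names that fire for one parsed entry (empty list = not flagged).

    Mirrors the advisory's rule: the URL must touch a consent endpoint AND carry
    a script-like payload. A POST is only noted once a payload fired, because
    ordinary consent saves are POSTs too and would otherwise drown the signal.
    """
    url = entry["url"]
    if not any(marker in url for marker in ENDPOINT_MARKERS):
        return []
    lowered = [v.lower() for v in decode_variants(url)]
    reasons = [f"payload:{m}" for m in PAYLOAD_MARKERS if any(m in v for v in lowered)]
    if reasons and entry["method"] == "POST":
        reasons.append("post-to-consent-endpoint")
    return reasons


def scan(log_text):
    """Return (ip, url, reasons) for every flagged line in the log text."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = classify(entry)
        if reasons:
            hits.append((entry["ip"], entry["url"], reasons))
    return hits


if __name__ == "__main__":
    for ip, url, reasons in scan(SAMPLE_LOG):
        print(f"{ip} {url} -> {', '.join(reasons)}")
```

The fourth sample line carries the same encoded tag but targets /node/1, so it is not flagged: the advisory's rule is scoped to the consent endpoints, which keeps the alert volume low at the cost of missing the same payload elsewhere. Widen ENDPOINT_MARKERS, or drop that check, if the site's paths differ from the ones the advisory assumes.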