CVE-2025-14840

🗓️ 28 Jan 2026 20:03:21Reported by drupalType

Information disclosure due to improper check in Drupal HTTP Client Manager; affects versions before nine three thirteen, ten zero two, and eleven zero one.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2025-14840	28 Jan 202620:03	–	attackerkb
Circl	CVE-2025-14840	29 Jan 202618:02	–	circl
CNNVD	Drupal HTTP Client Manager security vulnerability	28 Jan 202600:00	–	cnnvd
Cvelist	CVE-2025-14840 HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126	28 Jan 202620:03	–	cvelist
Drupal	HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126	17 Dec 202500:00	–	drupal
EUVD	EUVD-2025-206433	28 Jan 202620:03	–	euvd
NVD	CVE-2025-14840	28 Jan 202620:16	–	nvd
OSV	CVE-2025-14840	28 Jan 202620:16	–	osv
OSV	DRUPAL-CONTRIB-2025-126	17 Dec 202517:47	–	osv
Positive Technologies	PT-2026-5207	28 Jan 202600:00	–	ptsecurity

NVD

Node

bmeme http_client_managerRange<9.3.13drupal

bmeme http_client_managerRange10.0.0–10.0.2drupal

bmeme http_client_managerMatch11.0.0drupal

[
  {
    "collectionURL": "https://www.drupal.org/project/http_client_manager",
    "defaultStatus": "unaffected",
    "product": "HTTP Client Manager",
    "repo": "https://git.drupalcode.org/project/http_client_manager",
    "vendor": "Drupal",
    "versions": [
      {
        "lessThan": "9.3.13",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "10.0.2",
        "status": "affected",
        "version": "10.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "11.0.1",
        "status": "affected",
        "version": "11.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
drupal	www.drupal.org/sa-contrib-2025-126

06 Feb 2026 18:48Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.5

EPSS0.00082

SSVC

CWE-754