
CVE-2025-13982: CWE-352 Cross-Site Request Forgery (CSRF) in Drupal Login Time Restriction

Severity: High
Tags: Vulnerability, CVE-2025-13982, CWE-352
Published: Wed Jan 28 2026 (01/28/2026, 20:01:52 UTC)
Source: CVE Database V5
Vendor/Project: Drupal
Product: Login Time Restriction

Description

CVE-2025-13982 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability affecting the Drupal Login Time Restriction module in versions before 1.0.3. It allows an attacker to trick authenticated users into executing unwanted actions related to login time restrictions without their consent. Exploitation requires user interaction, but no privileges or authentication are needed, and it can result in high confidentiality and integrity impacts. Although no exploits are currently known in the wild, the vulnerability poses a significant risk to Drupal sites using this module. European organizations relying on Drupal for web content management could face unauthorized changes to login policies, potentially leading to unauthorized access or denial of legitimate access. Mitigation involves promptly updating the module to version 1.0.3 or later once available, implementing anti-CSRF tokens, and monitoring for suspicious activity.

AI-Powered Analysis

AI analysis last updated: 02/05/2026, 08:50:56 UTC

Technical Analysis

CVE-2025-13982 identifies a Cross-Site Request Forgery (CSRF) vulnerability in the Drupal Login Time Restriction module, specifically affecting versions prior to 1.0.3. CSRF vulnerabilities allow attackers to induce authenticated users to perform actions they did not intend by exploiting the trust a web application places in the user's browser. In this case, the vulnerability permits an attacker to manipulate login time restrictions by sending crafted requests that the victim's browser executes unknowingly. The vulnerability requires no privileges (PR:N) and can be exploited remotely over the network (AV:N) with low attack complexity (AC:L), but does require user interaction (UI:R), such as clicking a malicious link or visiting a malicious website. The impact on confidentiality and integrity is high (C:H/I:H), as unauthorized changes to login time restrictions could allow attackers to bypass access controls or lock out legitimate users. Availability is not impacted (A:N). The vulnerability affects the Login Time Restriction module, which is used to enforce time-based login policies in Drupal environments. Although no public exploits are currently known, the high CVSS score of 8.1 reflects the serious risk posed by this vulnerability. The issue was reserved in December 2025 and published in January 2026, indicating recent discovery and disclosure. No official patches or updates were linked at the time of reporting, but upgrading to version 1.0.3 or later is expected to resolve the issue. The vulnerability is tracked under CWE-352, a common web security weakness related to CSRF attacks.

Potential Impact

For European organizations, the impact of CVE-2025-13982 can be significant, especially for those using Drupal as their primary content management system. Unauthorized modification of login time restrictions could allow attackers to circumvent security policies, potentially gaining unauthorized access during restricted periods or locking out legitimate users, disrupting business operations. This could lead to data breaches compromising sensitive personal or corporate data, violating GDPR and other data protection regulations, resulting in legal and financial penalties. The integrity of authentication controls is compromised, increasing the risk of further exploitation or lateral movement within networks. Public sector, financial institutions, healthcare providers, and large enterprises in Europe that rely on Drupal for web portals or intranet services are particularly at risk. The vulnerability could also be leveraged in targeted attacks against critical infrastructure or government websites, amplifying the potential impact. Although no exploits are currently known, the ease of exploitation and high impact warrant immediate attention to prevent future incidents.

Mitigation Recommendations

European organizations should take the following specific mitigation steps:
1) Immediately verify the version of the Drupal Login Time Restriction module in use and plan to upgrade to version 1.0.3 or later as soon as it becomes available.
2) Until a patch is applied, implement additional CSRF protections such as verifying anti-CSRF tokens on all state-changing requests related to login time restrictions.
3) Restrict access to administrative interfaces and sensitive configuration endpoints using network-level controls or web application firewalls (WAF) with custom rules to detect and block suspicious CSRF-like requests.
4) Educate users and administrators about the risks of CSRF and encourage cautious behavior regarding unsolicited links or emails.
5) Monitor web server and application logs for unusual POST requests or changes to login time policies that could indicate exploitation attempts.
6) Conduct regular security audits and penetration testing focusing on authentication and session management modules.
7) Coordinate with Drupal security advisories and subscribe to vulnerability notifications to stay informed about patches and exploit developments.
8) Consider implementing multi-factor authentication (MFA) to reduce the impact of compromised login controls.
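The following is an added illustration of steps 2 and 5 above; it is not code from Drupal or from the Login Time Restriction module (Drupal's own Form API ships a form_token mechanism, which is what the module should rely on once patched). It shows the synchronizer-token pattern on a state-changing request, with Fetch Metadata and Origin checks as defence in depth, and a small log scan that flags POSTs to a policy endpoint whose Referer comes from another site. The site origin, the policy path, the session id and the log lines are all constructed placeholders.

```python
"""Added example: CSRF token check for a state-changing policy form, plus a
log scan for cross-site POSTs. Not the module's code; all names are assumed."""
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://intranet.example"        # hypothetical site origin
POLICY_PATH = "/admin/config/people/login-time"  # hypothetical policy endpoint
SERVER_SECRET = secrets.token_bytes(32)          # production: load from config, never per process


def issue_token(session_id: str) -> str:
    """Token embedded in the form, bound to the session cookie via HMAC."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


@dataclass
class Request:
    method: str
    headers: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)
    session_id: Optional[str] = None  # from the cookie the browser attaches automatically


def csrf_check(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Only state-changing methods are checked."""
    if req.method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    if req.session_id is None:
        return False, "no session"
    # Fetch Metadata: modern browsers label cross-site navigations and fetches.
    site = req.headers.get("Sec-Fetch-Site")
    if site not in (None, "same-origin", "none"):
        return False, "cross-site request (Sec-Fetch-Site)"
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False, "origin mismatch"
    token = req.form.get("form_token")
    if token is None:
        return False, "missing token"  # a forged cross-site form cannot read the token
    if not hmac.compare_digest(token, issue_token(req.session_id)):
        return False, "invalid token"
    return True, "ok"


def update_login_window(req: Request, policy: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Hypothetical handler for the login-time policy form; returns (status, policy)."""
    ok, _reason = csrf_check(req)
    if not ok:
        return 403, policy  # policy left untouched
    new_policy = dict(policy)
    new_policy["allowed_hours"] = req.form.get("allowed_hours", policy["allowed_hours"])
    return 200, new_policy


def demo() -> Tuple[int, int, str]:
    """A legitimate same-origin update is applied; a forged cross-site one is refused."""
    sid = "sess-abc123"  # constructed session id
    policy = {"allowed_hours": "08:00-18:00"}
    legit = Request("POST", {"Origin": SITE_ORIGIN, "Sec-Fetch-Site": "same-origin"},
                    {"allowed_hours": "07:00-19:00", "form_token": issue_token(sid)}, sid)
    forged = Request("POST", {"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"},
                     {"allowed_hours": "00:00-23:59"}, sid)
    s1, policy = update_login_window(legit, policy)
    s2, policy = update_login_window(forged, policy)
    return s1, s2, policy["allowed_hours"]


# Step 5: scan access logs (combined format) for POSTs to the policy path
# whose Referer is missing or belongs to another site.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+ "(?P<referer>[^"]*)"')

SAMPLE_LOG = [  # constructed log lines
    '203.0.113.5 - admin [28/Jan/2026:20:01:52 +0000] "POST /admin/config/people/login-time HTTP/1.1" 200 512 '
    '"https://intranet.example/admin/config/people/login-time" "Mozilla/5.0"',
    '198.51.100.7 - admin [28/Jan/2026:20:03:10 +0000] "POST /admin/config/people/login-time HTTP/1.1" 200 512 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.7 - admin [28/Jan/2026:20:03:11 +0000] "GET /admin/config/people/login-time HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0"',
]


def suspicious_policy_posts(log_lines: List[str]) -> List[str]:
    """Lines worth a closer look; an absent Referer can also be a strict Referrer-Policy, so treat as a hint."""
    site_host = urlsplit(SITE_ORIGIN).netloc
    flagged = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(POLICY_PATH):
            continue
        if urlsplit(m["referer"]).netloc != site_host:
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    print(demo())
    print(suspicious_policy_posts(SAMPLE_LOG))
```

The token check is the control that actually closes the gap; the Origin and Sec-Fetch-Site checks catch forged requests earlier and need no per-form state, but older clients may omit those headers, which is why their absence is tolerated rather than rejected.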


Technical Details

Data Version: 5.2
Assigner Short Name: drupal
Date Reserved: 2025-12-03T17:04:22.525Z
CVSS Version: null
State: PUBLISHED

Threat ID: 697a6c254623b1157cec1705

Added to database: 1/28/2026, 8:05:57 PM

Last enriched: 2/5/2026, 8:50:56 AM

Last updated: 2/7/2026, 4:54:29 PM

Views: 30

Community Reviews

0 reviews
