CVE-2025-10930: Drupal Currency allows Cross Site Request Forgery

October 30, 2025

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Currency allows Cross Site Request Forgery. This issue affects Currency: from 0.0.0 before 3.5.0.

References

github.com/advisories/GHSA-27fv-rpgj-4c6m
nvd.nist.gov/vuln/detail/CVE-2025-10930
www.drupal.org/sa-contrib-2025-110

Code Behaviors & Features

Detect and mitigate CVE-2025-10930 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →