CVE-2025-31673

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-31673

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-31673.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-31673

Aliases

Published

2025-03-31T22:15:19.773Z

Modified

2025-12-10T23:41:12.209689Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

References

https://www.drupal.org/sa-core-2025-002

Affected packages

Git / github.com/drupal/drupal

Affected ranges

Type: GIT
Repo: https://github.com/drupal/drupal
Events: Introduced

35c2f3ca5c935f3d8bde15932a712677c9bbd50f

Fixed

eb3d3ba659ca1bcc104f44c402db5b26b39531fc

Affected versions

10.*

10.0.0-alpha1

10.0.0-alpha3

10.0.0-alpha4

10.0.0-alpha5

10.1.0-alpha1

10.3.0-beta1

10.3.0-rc1

10.3.1

10.3.10

10.3.11

10.3.12

10.3.2

10.3.3

10.3.4

10.3.5

10.3.6

10.3.7

10.3.8

10.3.9

8.*

8.0.0

8.1.0-beta1

9.*

9.0.0-alpha1

9.0.0-alpha2