GHSA-m9w8-wxvp-c9gv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m9w8-wxvp-c9gv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-m9w8-wxvp-c9gv/GHSA-m9w8-wxvp-c9gv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m9w8-wxvp-c9gv
- Aliases
-
- CVE-2025-31686
- Published
- 2025-04-01T00:30:34Z
- Modified
- 2026-03-18T18:28:21.463316Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 7.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Drupal Open Social Missing Authorization vulnerability
- Details
-
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
- Database specific
{ "nvd_published_at": "2025-03-31T22:15:21Z", "cwe_ids": [ "CWE-862" ], "github_reviewed": true, "github_reviewed_at": "2025-04-02T15:14:00Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-31686
- https://github.com/goalgorilla/open_social/commit/6830b1788616fc24fb3913ce88c5d997a363a5de
- https://github.com/goalgorilla/open_social/commit/6fa5181901d4be3a64793f29c6ce0c9bd535a42f
- https://github.com/goalgorilla/open_social
- https://www.drupal.org/sa-contrib-2025-015
Affected packages
Packagist / goalgorilla/open_social
Package
- Name
- goalgorilla/open_social
- Purl
- pkg:composer/goalgorilla/open_social
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.3.11
Affected versions
1.*
1.0.0-alpha6
1.0.0-alpha7
1.0.0-beta1
1.0.0-beta2
1.0.0-beta3
1.0.0-beta4
1.0.0-beta5
1.0.0-beta6
1.0.0-beta7
1.0.0-beta8
1.0.0-beta9
1.0.0-beta10
1.0.0-beta11
1.0.0-beta12
1.0.0-beta13
1.0.0-beta14
1.0.0-rc1
1.0.0-rc2
1.0.0-rc3
1.0.0-rc4
1.0.0-rc5
1.0.0-rc6
1.0.0-rc7
1.0.0-rc8
1.0.0
1.1.0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.8.0
1.9.0
1.10.0
1.11.0
1.12.0
1.13.0
1.14.0
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
2.*
2.0.0-beta1
2.0.0
2.1.0
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0
3.*
3.0.0
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.6.0
3.7.0
3.8.0
3.9.0
3.10.0
3.11.0
3.12.0
3.13.0
3.14.0
3.15.0
4.*
4.0.0
4.1.0
4.2.0
4.3.0
4.4.0
4.5.0
4.6.0
4.7.0
4.8.0
4.9.0
4.10.0
4.11.0
4.12.0
4.13.0
4.14.0
4.15.0
5.*
5.0-alpha1
5.0.0
5.1.0
5.2.0
5.3.0
5.4.0
5.5.0
5.6.0
5.7.0
6.*
6.0.0
6.1.0
6.2.0
6.3.0
6.4.0
6.5.0
6.6.0
6.7.0
7.*
7.0.0-beta1
7.0.0-beta2
7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.7.0
8.*
8.0.0
8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.8.0
8.9.0
8.10.0
9.*
9.0.0-alpha1
9.0.0-beta-1
9.0.0
9.1.0
9.2.0
9.3.0
9.4.0
9.5.0
9.6.0
9.7.0
9.8.0
9.9.0
9.12.0
9.13.0
9.14.0
9.15.0
9.16.0
9.17.0
9.18.0
10.*
10.0.0
10.0.1
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9
10.0.10
10.0.11
10.0.12
10.0.13
10.0.14
10.0.15
10.0.16
10.0.17
10.0.18
10.1.0
10.1.1
10.1.2
10.1.3
10.1.4
10.1.5
10.1.6
10.1.7
10.1.8
10.1.9
10.1.10
10.1.11
10.1.12
10.1.13
10.1.14
10.1.15
10.1.16
10.2.0
10.2.1
10.2.2
10.2.3
10.2.4
10.2.5
10.2.6
10.2.7
10.2.8
10.2.9
10.2.10
10.2.11
10.3.0
10.3.1
10.3.2
10.3.3
10.3.4
10.3.5
10.3.6
10.3.7
10.3.8
10.3.9
11.*
11.0.0-alpha1
11.0.0-rc1
11.0.0-rc2
11.0.0-rc3
11.0.0-rc4
11.0.0-rc5
11.0.0-rc6
11.0.0
11.0.1
11.0.2
11.0.3
11.0.4
11.0.5
11.0.6
11.0.7
11.0.8
11.0.9
11.0.10
11.0.11
11.0.12
11.0.13
11.0.14
11.1.0-rc1
11.1.0-rc3
11.1.0-rc4
11.1.0-rc5
11.1.0-rc6
11.1.0-rc7
11.1.0
11.1.1
11.1.2
11.1.3
11.1.4
11.1.5
11.1.6
11.1.7
11.1.8
11.1.9
11.1.10
11.1.11
11.1.12
11.1.13
11.1.14
11.1.15
11.1.16
11.2.0-alpha1
11.2.0-alpha2
11.2.0-alpha3
11.2.0-beta1
11.2.0
11.2.1
11.2.2
11.2.3
11.2.4
11.2.5
11.2.6
11.2.7
11.2.8
11.2.9
11.2.10
11.2.11
11.3.0-alpha1
11.3.0-beta1
11.3.0-beta2
11.3.0
11.3.1
11.3.2
11.3.3
11.3.4
11.3.5
11.3.6
11.3.7
11.3.8
11.3.9
11.3.10
11.3.11
11.3.12
11.3.13
11.3.14
11.3.15
11.3.16
11.4.0-alpha1
11.4.0-alpha2
11.4.0-alpha3
11.4.0-beta1
11.4.0-beta2
11.4.0-beta3
11.4.0-beta4
11.4.0
11.4.1
11.4.2
11.4.3
11.4.4
11.4.5
11.4.6
11.4.7
11.4.8
11.4.9
11.4.10
11.4.11
11.5.0-alpha1
11.5.0-alpha2
11.5.0-alpha3
11.5.0-beta1
11.5.0-beta2
11.5.0-beta3
11.5.0-beta4
11.5.0-rc1
11.5.0-rc2
11.5.0
11.5.1
11.5.2
11.5.3
11.5.4
11.5.5
11.5.6
11.5.7
11.5.8
11.5.9
11.6.0-alpha1
11.6.0-beta1
11.6.0-beta2
11.6.0
11.6.1
11.6.2
11.6.3
11.6.4
11.6.5
11.6.6
11.6.7
11.6.8
11.6.9
11.7.0-alpha1
11.7.0-beta1
11.7.0-rc1
11.7.0
11.7.1
11.7.2
11.7.3
11.7.4
11.7.5
11.7.6
11.8.0-alpha1
11.8.0-beta1
11.8.0
11.8.1
11.8.2
11.8.3
11.8.4
11.8.5
11.8.6
11.8.7
11.8.8
11.8.9
11.8.10
11.8.11
11.8.12
11.9.0-alpha1
11.9.0-alpha2
11.9.0-beta1
11.9.0-rc1
11.9.0
11.9.1
11.9.2
11.9.3
11.9.4
11.9.5
11.9.6
11.9.7
11.9.8
11.9.9
11.9.10
11.9.11
11.9.12
11.9.13
11.9.14
11.9.15
11.9.16
11.10.0-alpha1
11.10.0-beta1
11.10.0-beta2
11.10.0-rc1
11.10.0-rc2
11.10.0
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.11.0
11.11.1
11.11.2
11.11.3
11.11.4
12.*
12.0.0-alpha1
12.0.0-alpha2
12.0.0-rc1
12.0.0-rc2
12.0.0-rc3
12.0.0-rc4
12.0.0-rc5
12.0.0-rc6
12.0.0
12.0.1
12.0.2
12.0.3
12.0.4
12.0.5
12.0.6
12.0.7
12.0.8
12.0.9
12.1.0-alpha1
12.1.0-alpha2
12.1.0
12.1.1
12.1.2
12.1.3
12.1.4
12.1.5
12.2.0
12.2.1
12.2.2
12.2.3
12.2.4
12.2.5
12.3.0
12.3.1
12.3.2
12.3.3
12.3.4
12.3.5
12.3.6
12.3.7
12.3.8
12.3.9
12.3.10
Packagist / goalgorilla/open_social
Package
- Name
- goalgorilla/open_social
- Purl
- pkg:composer/goalgorilla/open_social