DRUPAL-CONTRIB-2025-014

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2025-014.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-014
Aliases
Withdrawn
2026-03-18T18:00:07.430178Z
Published
2025-02-12T17:37:40Z
Modified
2026-03-18T18:00:07.430178Z
Summary
[none]
Details

Open Social is a Drupal distribution for online communities, which ships with a default (optional) module social_language to make your platform multilingual.

Some site administration configuration does not correctly check access when it is translated, allowing unauthorised people to translate these parts.

The issue is mitigated by the fact that social_language needs to be enabled with more than 1 language.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/social

Package

Name
drupal/social
Purl
pkg:composer/drupal/social

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
12.3.11
Database specific
{
    "constraint": "<12.3.11"
}
Type
ECOSYSTEM
Events
Introduced
12.4.0
Fixed
12.4.10
Database specific
{
    "constraint": ">=12.4.0 <12.4.10"
}

Database specific

affected_versions
"<12.3.11 || >=12.4.0 <12.4.10 "
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/social/DRUPAL-CONTRIB-2025-014.json"