CVE-2025-31673

CVE-2025-31673: Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002

Vendor Drupal

Product Drupal core

Weakness CWE-863 · Incorrect authorization

Published March 31, 2025

Last update April 29, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

Key dates

Disclosure timeline

March 31, 2025 CVE published

April 29, 2025 Record updated

Identifiers

CVE CVE-2025-31673

CWE CWE-863

Affected versions

Vendor Drupal

Product Drupal core

Affected ≥ 8.0.0 and < 10.3.13

Vendor Drupal

Product Drupal core

Affected ≥ 10.4.0 and < 10.4.3

Vendor Drupal

Product Drupal core

Affected ≥ 11.0.0 and < 11.0.12

Vendor Drupal

Product Drupal core

Affected ≥ 11.1.0 and < 11.1.3