CVE-2025-31685

CVE-2025-31685: Open Social - Moderately critical - Access bypass - SA-CONTRIB-2025-014

Vendor Drupal

Product Open Social

Weakness CWE-862 · Missing authorization

Published March 31, 2025

Last update April 29, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.

Key dates

02Disclosure timeline

March 31, 2025 CVE published

April 29, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-31685

Related vulnerabilities

04Related CVE

CVE-2025-24607 WordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerability CVE-2024-47337 WordPress Joy Of Text Lite plugin <= 2.3.1 - Broken Access Control vulnerability CVE-2024-50052 Arbitrary post deletion via Playbooks /ignore-thread endpoint CVE-2024-56294 WordPress Nexter Blocks plugin <= 4.0.7 - Broken Access Control vulnerability CVE-2024-3602 Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization

Identifiers

CVE CVE-2025-31685

CWE CWE-862

Affected versions

Vendor Drupal

Product Open Social

Affected ≥ 0.0.0 and < 12.3.11

Vendor Drupal

Product Open Social

Affected ≥ 12.4.0 and < 12.4.10