CVE-2025-31691

CVE-2025-31691: OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020

Vendor: Drupal
Product: OAuth2 Server
Weakness: CWE-862 (Missing authorization)
Published: March 31, 2025
Last update: April 29, 2025

What the vulnerability does

01 Description

Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing. This issue affects OAuth2 Server: from 0.0.0 before 2.1.0.

Key dates

02 Disclosure timeline

March 31, 2025: CVE published
April 29, 2025: Record updated