Moderate severityNVD Advisory· Published Mar 31, 2025· Updated Apr 29, 2025
Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002
CVE-2025-31673
Description
Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
drupal/corePackagist | >= 8.0.0, < 10.3.13 | 10.3.13 |
drupal/corePackagist | >= 10.4.0, < 10.4.3 | 10.4.3 |
drupal/corePackagist | >= 11.0.0, < 11.0.12 | 11.0.12 |
drupal/corePackagist | >= 11.1.0, < 11.1.3 | 11.1.3 |
Affected products
3- osv-coords2 versions
>= 8.0.0, < 10.4.3+ 1 more
- (no CPE)range: >= 8.0.0, < 10.4.3
- (no CPE)range: >= 8.0.0, < 10.3.13
- Range: 8.0.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-wpp8-fjgf-pwc7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-31673ghsaADVISORY
- www.drupal.org/sa-core-2025-002ghsaWEB
News mentions
1- Drupal core - Moderately critical - Access bypass - SA-CORE-2025-002Drupal Security Advisories · Feb 19, 2025