AI (Artificial Intelligence) - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-003
Description
CSRF vulnerability in Drupal AI Chatbot allows attackers to forge requests on behalf of privileged users, potentially exposing or modifying data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Drupal AI module, specifically the AI Chatbot submodule, is vulnerable to Cross-Site Request Forgery (CSRF). This flaw allows an attacker to craft a malicious request that is then submitted on behalf of a privileged user who has an active session and the necessary permissions (the "access deepchat api" permission and permission to use assistants). The vulnerability exists in versions before 1.0.2 [1][2].
Exploitation
To exploit this vulnerability, the attacker must convince a target user with an active session and the required permissions to visit a malicious site. For data extraction, the target site must have a permissive CORS policy that allows the attacker to read the cross-origin response. For data modification, the targeted user must also have permission to use configured agents [2].
Impact
When combined with the AI Search submodule, the attack can expose indexed data that the attacker should not have access to. When combined with the external AI Agent module, the attack could allow exposure and modification of site configuration, including fields, content types, and vocabularies. Sites with custom-built agents that have more privileged access could be at greater risk [2].
Mitigation
The vulnerability is fixed in AI module version 1.0.2. Users are advised to update immediately. If updating is not possible, uninstalling the AI Chatbot submodule is recommended as a workaround [2].
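As an added illustration (not the AI module's own code), the following hypothetical routing.yml contrasts an API route guarded only by the permission named above with one that also enables Drupal core's request-header CSRF check; the route names, paths and controller class are assumptions:

```yaml
# Added example: a hypothetical module's routing.yml, NOT the AI module's own file.
# Both routes require the "access deepchat api" permission from the advisory, but
# only the second one rejects cross-site forged requests.

# Weak: permission check only. The browser attaches the session cookie to any POST,
# so a page on another origin can make a logged-in user's browser hit this route
# on their behalf (the CSRF pattern the advisory describes).
example_chat.api_weak:
  path: '/example-chat/api-weak'
  defaults:
    _controller: '\Drupal\example_chat\Controller\ChatController::handle'
  methods: [POST]
  requirements:
    _permission: 'access deepchat api'

# Hardened: Drupal core's CsrfRequestHeaderAccessCheck additionally requires an
# X-CSRF-Token header on cookie-authenticated write requests (POST/PUT/PATCH/DELETE).
# Same-origin JavaScript obtains the token from /session/token; a page on another
# origin cannot read it under the same-origin policy unless the site's CORS policy
# exposes it, which is the permissive-CORS condition the advisory calls out.
example_chat.api_hardened:
  path: '/example-chat/api'
  defaults:
    _controller: '\Drupal\example_chat\Controller\ChatController::handle'
  methods: [POST]
  requirements:
    _permission: 'access deepchat api'
    _csrf_request_header_token: 'TRUE'
```

With the hardened route, a forged request that lacks a valid X-CSRF-Token header is refused with 403 before the controller runs, so the CORS caveat from the Exploitation section no longer decides whether data can be read or modified.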
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| drupal/ai (Packagist) | >= 1.0.0, < 1.0.2 | 1.0.2 |
Affected products
- Drupal / AI (Artificial Intelligence), range: 1.0.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-9w85-x5hg-fr66 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-31677 (ghsa, ADVISORY)
- www.drupal.org/sa-contrib-2025-003 (ghsa, WEB)
News mentions
No linked articles in our index yet.