Platform: drupal
Component: drupal
Fixed in: 10.3.13, 10.4.3, 11.0.12, 11.1.3
CVE-2025-31673 addresses an Incorrect Authorization vulnerability within Drupal Core, leading to Forceful Browsing. This allows unauthorized access to resources by manipulating URLs. The vulnerability impacts Drupal core versions from 8.0.0 before 10.3.13, 10.4.0 before 10.4.3, 11.0.0 before 11.0.12, and 11.1.0 before 11.1.3. Mitigation involves upgrading to a patched version of Drupal Core.
The Forceful Browsing vulnerability (CVE-2025-31673) allows an attacker to potentially access sensitive data or perform unauthorized actions by directly accessing URLs that should be protected. This could include viewing administrative pages, accessing user data, or even modifying content, depending on the specific resources exposed. The impact is particularly severe if the attacker can gain access to privileged information or manipulate critical website functionality. This vulnerability is similar in nature to other authorization bypass flaws, where attackers can circumvent access controls by crafting specific requests.
CVE-2025-31673 is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalogue. Its EPSS score is 0.28% (51st percentile), i.e. a low estimated probability of exploitation in the wild. The CVSS base score of 4.6 (MEDIUM) rates the severity of the flaw, not how likely it is to be exploited; the two metrics answer different questions. No public proof-of-concept (PoC) code is known at the time of writing. Published on 2025-04-01.
Exploit status: not in KEV
EPSS: 0.28% (51st percentile)
CVSS vector:
The recommended mitigation for CVE-2025-31673 is to upgrade Drupal core to the patched release of the branch you are running: 10.3.13, 10.4.3, 11.0.12 or 11.1.3. Because the defect is in core's own authorization checks, there is no site-level URL filtering or "sanitization" that reliably closes it; if you cannot upgrade immediately, reduce exposure instead by reviewing which roles hold administrative permissions and, where practical, restricting administrative paths at the web server or reverse proxy to trusted networks until the update is applied. After upgrading, verify the fix by requesting resources that should be protected (for example administrative routes) as an anonymous user and as a low-privileged authenticated user, and confirm that Drupal responds with 403 Forbidden rather than serving the page.
Update Drupal core to the latest available release for your branch:
- On a version earlier than 10.3.x: update to 10.3.13 or later (or a newer supported branch).
- On 10.4.x: update to 10.4.3 or later.
- On 11.0.x: update to 11.0.12 or later.
- On 11.1.x: update to 11.1.3 or later.
Forceful browsing is an attack technique in which an attacker reaches pages or resources by requesting their URLs directly, without the authorization the application is supposed to enforce.
Affected versions: Drupal core 8.0.0 - 10.3.12, 10.4.0 - 10.4.2, 11.0.0 - 11.0.11, and 11.1.0 - 11.1.2.
Check the installed version under Reports > Status report in the Drupal admin UI, or from the command line with `drush status` or `composer show drupal/core`; the `version` field of the `drupal/core` package in composer.lock gives the same answer for deployments built with Composer.
Apply additional hardening, such as reviewing role permissions so that only trusted roles hold administrative rights, and monitoring access logs for requests to administrative paths that succeed without an authenticated session.
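The following script is an added example for this page, not tooling from the advisory or from the Drupal project. It reads the `drupal/core` entry from a composer.lock and decides whether the installed version falls inside the affected ranges above, reporting the patched release of the same branch when one exists. The composer.lock content embedded at the bottom is constructed for illustration.

```python
"""Check a composer.lock for a Drupal core version affected by CVE-2025-31673.

Added example; not code from the advisory or the Drupal project. The fixed
releases come from the advisory text (10.3.13, 10.4.3, 11.0.12, 11.1.3);
the sample composer.lock below is constructed for illustration.
"""
import json
import re
import sys

# Patched release per branch; any version on that branch below it is affected.
FIXED = {
    (10, 3): (10, 3, 13),
    (10, 4): (10, 4, 3),
    (11, 0): (11, 0, 12),
    (11, 1): (11, 1, 3),
}
FIRST_AFFECTED = (8, 0, 0)      # advisory: "from 8.0.0"
OLDEST_PATCHED_BRANCH = (10, 3)  # branches older than this received no fix


def parse_version(version):
    """Turn '10.3.12', 'v10.3.12' or '10.4.0-beta1' into a comparable tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if this drupal/core version lies in an affected range."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # Branches with no patched release listed: 8.x, 9.x and 10.0-10.2 are
    # older than every patched branch and therefore affected in full;
    # branches newer than 11.1 were cut after the fix.
    return branch < OLDEST_PATCHED_BRANCH


def core_version_from_lock(lock_text):
    """Return the pinned drupal/core version from composer.lock JSON, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []):
        if pkg.get("name") == "drupal/core":
            return pkg["version"]
    return None


def check_lock(lock_text):
    """Summarise the lock file: installed version, affected flag, upgrade target."""
    version = core_version_from_lock(lock_text)
    if version is None:
        return None
    fix = FIXED.get(parse_version(version)[:2])
    return {
        "version": version,
        "affected": is_affected(version),
        # None means: no patched release on this branch, move to a supported one.
        "upgrade_to": ".".join(map(str, fix)) if fix else None,
    }


# Constructed sample lock file (not taken from any real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.3.12"},
        {"name": "drupal/core-recommended", "version": "10.3.12"},
    ]
})

if __name__ == "__main__":
    # Usage: python check_drupal_core.py [path/to/composer.lock]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    print(check_lock(text))
```

Run it against a real composer.lock path to check a deployment; with no argument it evaluates the constructed sample, which reports 10.3.12 as affected with 10.3.13 as the upgrade target. Note that the check inspects what is pinned in the lock file, not what is running on the server, so it complements rather than replaces the status-report check above.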
Web security scanners can detect this vulnerability, but updating remains the most effective solution.