PT-2025-13837 · Drupal · Drupal

Benji Fisher

Publicado

2025-03-31

Atualizado

2025-06-03

CVE-2025-31673

CVSS v3.1

4.6

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Drupal core versions 8.0.0 through 10.3.12 Drupal core versions 10.4.0 through 10.4.2 Drupal core versions 11.0.0 through 11.0.11 Drupal core versions 11.1.0 through 11.1.2

Description The issue is related to an Incorrect Authorization vulnerability in Drupal core, allowing Forceful Browsing.

Recommendations For versions 8.0.0 through 10.3.12, update to version 10.3.13 or later. For versions 10.4.0 through 10.4.2, update to version 10.4.3 or later. For versions 11.0.0 through 11.0.11, update to version 11.0.12 or later. For versions 11.1.0 through 11.1.2, update to version 11.1.3 or later.

Correção

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

BIT-DRUPAL-2025-31673

CVE-2025-31673

DRUPAL-CORE-2025-002

GHSA-WPP8-FJGF-PWC7

Produtos afetados

Drupal

PT-2025-13837 · Drupal · Drupal

CVE-2025-31673

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9