Drupal · Drupal Oauth2 Server · CVE-2025-31691
**Name of the Vulnerable Software and Affected Versions**
Drupal OAuth2 Server versions 0.0.0 through 2.0.x
**Description**
The issue is related to a Missing Authorization vulnerability in the Drupal OAuth2 Server, which allows Forceful Browsing.
**Recommendations**
For versions 0.0.0 through 2.0.x, update to version 2.1.0 or later to resolve the issue.