PT-2025-13853 · Drupal · Drupal General Data Protection Regulation

Greg Knaddison

Published

2025-03-31

Updated

2025-04-01

CVE-2025-31689

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions Drupal General Data Protection Regulation versions 0.0.0 through 3.0.1, versions 3.1.0 through 3.1.2

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. This is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to.

Recommendations For versions 0.0.0 through 3.0.1, update to version 3.0.1 or later. For versions 3.1.0 through 3.1.2, update to version 3.1.2 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-31689

DRUPAL-CONTRIB-2025-018

GHSA-JV6R-MJ9P-9XFF

Affected Products

Drupal General Data Protection Regulation

PT-2025-13853 · Drupal · Drupal General Data Protection Regulation

CVE-2025-31689

Weakness Enumeration

Related Identifiers

Affected Products

References · 8