Missing Authorization Vulnerability in Drupal AI by Acquia
CVE-2025-31678

8.2 HIGH

Key Information:

Vendor
Drupal
CVE Published:
31 March 2025

Summary

A missing authorization vulnerability in Drupal AI allows unauthorized users to access restricted resources through forceful browsing techniques. This issue impacts versions from 0.0.0 up to but not including 1.0.3, enabling potential attackers to circumvent access controls and expose sensitive information. It is crucial for users to upgrade to version 1.0.3 or later to mitigate the risk associated with this vulnerability.

Affected Version(s)

AI (Artificial Intelligence) 0.0.0 < 1.0.3

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mingsong
Scott Euser
Marcus Johansson
Andrew Belcher
Greg Knaddison
Juraj Nemec
Dave Long