Missing Authorization Flaw in Drupal Open Social Affects Multiple Versions
CVE-2025-31686
8.1 HIGH
Summary
A missing-authorization vulnerability in Drupal Open Social allows unauthorized access through forceful browsing (directly requesting resources whose access is not properly checked). The issue affects all versions of Open Social before 12.3.11 and versions from 12.4.0 up to, but not including, 12.4.10. An attacker exploiting this flaw can bypass the authorization checks and potentially gain access to restricted resources and information. Users and administrators should update their installations to 12.3.11 or 12.4.10 (or later) to mitigate the risk.
Affected Version(s)
Open Social 0.0.0 < 12.3.11
Open Social 12.4.0 < 12.4.10
References
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Robert Ragas (robertragas)
zanvidmar
Denis Kolmerschlag (uber_denis)
Greg Knaddison (greggles)