Cross-Site Request Forgery Vulnerability in Drupal Cache Utility
CVE-2025-31690

8.8HIGH

Key Information:

Vendor: Drupal
Status: Cache Utility
Vendor: CVE Published:; 31 March 2025

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Drupal Cache Utility, specifically affecting versions from 0.0.0 up to 1.2.0. This vulnerability could allow an attacker to trick users into performing unintended actions on the web application, potentially compromising sensitive information or altering application state. It is crucial for users and site administrators to apply the necessary security updates to mitigate the associated risks.

Affected Version(s)

Cache Utility 0.0.0 < 1.2.1

References

https://www.drupal.org/sa-contrib-2025-019

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Mar 31, 2025

Credit

Pierre Rudloff (prudloff)

cyoun

Greg Knaddison (greggles)