Missing Authentication Vulnerability in Drupal Config Pages Viewer by Drupal
CVE-2025-7031

Currently unrated

Key Information:

Vendor

Drupal

Vendor
CVE Published:
8 July 2025

What is CVE-2025-7031?

The vulnerability in the Config Pages Viewer component of Drupal stems from insufficient authentication checks, allowing attackers to exploit incorrectly configured access controls. This can lead to unauthorized access to critical configuration settings. Users of Config Pages Viewer versions from 0.0.0 up to 1.0.4 are particularly at risk and should take immediate action to review their security configurations.

Affected Version(s)

Config Pages Viewer 0.0.0 < 1.0.4

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Pierre Rudloff (prudloff)
drdam
Pierre Rudloff (prudloff)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
Jess (xjm)
.
CVE-2025-7031 : Missing Authentication Vulnerability in Drupal Config Pages Viewer by Drupal