Missing Authentication Vulnerability in Drupal Config Pages Viewer by Drupal
CVE-2025-7031

5.3MEDIUM

Key Information:

Vendor: Drupal
Status: Config Pages Viewer
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-7031?

The vulnerability in the Config Pages Viewer component of Drupal stems from insufficient authentication checks, allowing attackers to exploit incorrectly configured access controls. This can lead to unauthorized access to critical configuration settings. Users of Config Pages Viewer versions from 0.0.0 up to 1.0.4 are particularly at risk and should take immediate action to review their security configurations.

Affected Version(s)

Config Pages Viewer 0.0.0 < 1.0.4

References

https://www.drupal.org/sa-contrib-2025-086

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jul 2, 2025

Credit

Pierre Rudloff (prudloff)

drdam

Pierre Rudloff (prudloff)

Greg Knaddison (greggles)

Juraj Nemec (poker10)

Jess (xjm)