Missing Authentication Vulnerability in Drupal Config Pages Viewer by Drupal
CVE-2025-7031

Currently unrated

Key Information:

Vendor: Drupal
Status: Config Pages Viewer
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-7031?

The vulnerability in the Config Pages Viewer component of Drupal stems from insufficient authentication checks, allowing attackers to exploit incorrectly configured access controls. This can lead to unauthorized access to critical configuration settings. Users of Config Pages Viewer versions from 0.0.0 up to 1.0.4 are particularly at risk and should take immediate action to review their security configurations.

Affected Version(s)

Config Pages Viewer 0.0.0 < 1.0.4

References

https://www.drupal.org/sa-contrib-2025-086

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Jul 2, 2025

Credit

Pierre Rudloff (prudloff)

drdam

Pierre Rudloff (prudloff)

Greg Knaddison (greggles)

Juraj Nemec (poker10)

Jess (xjm)