CVE-2025-31673

{"id": "CVE-2025-31673", "cveTags": [], "metrics": {}, "published": "2025-03-31T22:15:19.773", "references": [{"url": "https://www.drupal.org/sa-core-2025-002", "source": "mlhess@drupal.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "mlhess@drupal.org", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3."}], "lastModified": "2025-04-01T20:26:22.890", "sourceIdentifier": "mlhess@drupal.org"}