CVE-2025-7031

{"id": "CVE-2025-7031", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-07-08T21:15:28.907", "references": [{"url": "https://www.drupal.org/sa-contrib-2025-086", "tags": ["Third Party Advisory"], "source": "mlhess@drupal.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "mlhess@drupal.org", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4."}, {"lang": "es", "value": "La vulnerabilidad de autenticaci\u00f3n faltante para funciones cr\u00edticas en Drupal Config Pages Viewer permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al Visor de p\u00e1ginas de configuraci\u00f3n: desde la versi\u00f3n 0.0.0 hasta la 1.0.4."}], "lastModified": "2025-09-04T17:07:53.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:config_pages_viewer_project:config_pages_viewer:*:*:*:*:*:drupal:*:*", "vulnerable": true, "matchCriteriaId": "2B6F9219-10D5-4B0E-8EAA-0B75BD8137FB", "versionEndExcluding": "1.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "mlhess@drupal.org"}