CVE-2025-31674 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
drupal	CNA	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Vendor	Product	Version
drupal	drupal	8.0.0 ≤ 𝑥 < 10.3.13
drupal	drupal	10.4.0 ≤ 𝑥 < 10.4.3
drupal	drupal	11.0.0 ≤ 𝑥 < 11.0.12
drupal	drupal	11.1.0 ≤ 𝑥 < 11.1.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
CWE-913 - Improper Control of Dynamically-Managed Code Resources
The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions or statements.

References

https://www.drupal.org/sa-core-2025-003