CVE-2025-31681: Drupal Authenticator Login Missing Authorization vulnerability

April 1, 2025 (updated April 29, 2025)

Missing Authorization vulnerability in Drupal Authenticator Login allows Forceful Browsing. This issue affects Authenticator Login: from 0.0.0 before 2.0.6.

References

git.drupalcode.org/project/alogin
github.com/advisories/GHSA-jwpx-6c4p-q4jq
nvd.nist.gov/vuln/detail/CVE-2025-31681
www.drupal.org/sa-contrib-2025-009

Code Behaviors & Features

Detect and mitigate CVE-2025-31681 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →