CVE-2025-31685: Drupal Open Social Missing Authorization vulnerability
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
References
- github.com/advisories/GHSA-gf72-h4cp-wcm4
- github.com/goalgorilla/open_social
- github.com/goalgorilla/open_social/commit/52c531e156fb8653e47ab99df432c4fb9651f36e
- github.com/goalgorilla/open_social/commit/6ebeed01c83dc4947a5c3689bc33b4deca574473
- nvd.nist.gov/vuln/detail/CVE-2025-31685
- www.drupal.org/sa-contrib-2025-014