CVE-2025-31686: Drupal Open Social Missing Authorization vulnerability
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
References
- github.com/advisories/GHSA-m9w8-wxvp-c9gv
- github.com/goalgorilla/open_social
- github.com/goalgorilla/open_social/commit/6830b1788616fc24fb3913ce88c5d997a363a5de
- github.com/goalgorilla/open_social/commit/6fa5181901d4be3a64793f29c6ce0c9bd535a42f
- nvd.nist.gov/vuln/detail/CVE-2025-31686
- www.drupal.org/sa-contrib-2025-015