CVE-2025-31674

HIGH EPSS 39.0%

Published Mar 31, 20251y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Mar 31, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

CVSS Details

Base Score

7.5

Exploitability

1.6

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

39.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-913

CWE-915

Affected Products 4

Vendor	Product	Version	Range
drupal	drupal	*	≥8.0.0 – <10.3.13
drupal	drupal	*	≥10.4.0 – <10.4.3
drupal	drupal	*	≥11.0.0 – <11.0.12
drupal	drupal	*	≥11.1.0 – <11.1.3

References 1

drupal.org https://www.drupal.org/sa-core-2025-003

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.