We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-31674

Drupal core - Moderately critical - Gadget Chain - SA-CORE-2025-003



Description

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

Reserved 2025-03-31 | Published 2025-03-31 | Updated 2025-04-03 | Assigner drupal

Problem types

CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes

Product status

Default status
unaffected

8.0.0 before 10.3.13
affected

10.4.0 before 10.4.3
affected

11.0.0 before 11.0.12
affected

11.1.0 before 11.1.3
affected

Credits

anzuukino finder

shin24 finder

ghost of drupal past remediation developer

Dave Long (longwave) remediation developer

Drew Webber (mcdruid) remediation developer

nicxvan remediation developer

shin24 remediation developer

References

www.drupal.org/sa-core-2025-003

cve.org (CVE-2025-31674)

nvd.nist.gov (CVE-2025-31674)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-31674

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.