Home

Description

Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.

PUBLISHED Reserved 2025-05-28 | Published 2025-06-26 | Updated 2025-06-26 | Assigner drupal

Problem types

CWE-352 Cross-Site Request Forgery (CSRF)

Product status

Default status
unaffected

0.0.0 (semver) before 12.3.14
affected

12.4.0 (semver) before 12.4.13
affected

Credits

Ivo Van Geertruyen (mr.baileys) finder

Alexander Varwijk (kingdutch) remediation developer

Robert Ragas (robertragas) remediation developer

Greg Knaddison (greggles) coordinator

References

www.drupal.org/sa-contrib-2025-079

cve.org (CVE-2025-48921)

nvd.nist.gov (CVE-2025-48921)

Download JSON