Home

Description

Missing Authorization vulnerability in Drupal Config Pages allows Forceful Browsing.This issue affects Config Pages: from 0.0.0 before 2.18.0.

PUBLISHED Reserved 2025-07-30 | Published 2025-08-15 | Updated 2025-08-15 | Assigner drupal

Problem types

CWE-962 Missing Authorization

Product status

Default status
unaffected

0.0.0 before 2.18.0
affected

Credits

Pierre Rudloff (prudloff) finder

Pierre Rudloff (prudloff) remediation developer

Alexander Shumenko (shumer) remediation developer

Greg Knaddison (greggles) coordinator

Heine Deelstra (heine) coordinator

Jess (xjm) coordinator

References

www.drupal.org/sa-contrib-2025-093

cve.org (CVE-2025-8361)

nvd.nist.gov (CVE-2025-8361)

Download JSON