{ "schema_version": "1.4.0", "id": "GHSA-gf72-h4cp-wcm4", "modified": "2025-04-29T20:20:54Z", "published": "2025-04-01T00:30:34Z", "aliases": [ "CVE-2025-31685" ], "summary": "Drupal Open Social Missing Authorization vulnerability", "details": "Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing. This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "type": "CVSS_V4", "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U" } ], "affected": [ { "package": { "ecosystem": "Packagist", "name": "goalgorilla/open_social" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "12.3.11" } ] } ] }, { "package": { "ecosystem": "Packagist", "name": "goalgorilla/open_social" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "12.4.0" }, { "fixed": "12.4.10" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31685" }, { "type": "WEB", "url": "https://github.com/goalgorilla/open_social/commit/52c531e156fb8653e47ab99df432c4fb9651f36e" }, { "type": "WEB", "url": "https://github.com/goalgorilla/open_social/commit/6ebeed01c83dc4947a5c3689bc33b4deca574473" }, { "type": "PACKAGE", "url": "https://github.com/goalgorilla/open_social" }, { "type": "WEB", "url": "https://www.drupal.org/sa-contrib-2025-014" } ], "database_specific": { "cwe_ids": [ "CWE-862" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-02T15:11:50Z", "nvd_published_at": "2025-03-31T22:15:21Z" } }