High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2025-31677
High
Low
Medium
High
Critical
8.8
CVSS Score
Vulnerability Description
Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery.This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
R
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
2 configuration(s) from 1 vendor(s)
artificial_intelligence
Version:
1.0.0
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.0:*:*:*:*:drupal:*:*
artificial_intelligence
Version:
1.0.1
CPE:
cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.1:*:*:*:*:drupal:*:*
This vulnerability affects 2 software configuration(s). Ensure you patch all affected systems.
References & Resources
Severity Details
8.8
out of 10.0
High
Weakness Type (CWE)
CWE-352
Top 25 #4
Cross-Site Request Forgery (CSRF)
- Description
- The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
- Exploit Likelihood
- Medium
- Typical Severity
- High
- OWASP Top 10
- A01:2021-Broken Access Control
- Abstraction Level
- Compound
Key Information
- Published Date
- March 31, 2025
