DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2025-31678

High

Low Medium High Critical

8.2

CVSS Score

Published: Mar 31, 2025

Last Modified: Jun 04, 2025

CWE: CWE-862

Vulnerability Description

Missing Authorization vulnerability in Drupal AI (Artificial Intelligence) allows Forceful Browsing.This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.3.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

3 configuration(s) from 1 vendor(s)

artificial_intelligence

Version:

1.0.0

CPE:

cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.0:*:*:*:*:drupal:*:*

artificial_intelligence

Version:

1.0.2

CPE:

cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.2:*:*:*:*:drupal:*:*

artificial_intelligence

Version:

1.0.1

CPE:

cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.1:*:*:*:*:drupal:*:*

This vulnerability affects 3 software configuration(s). Ensure you patch all affected systems.

References & Resources

https://www.drupal.org/sa-contrib-2025-004
mlhess@drupal.org Vendor Advisory

Severity Details

8.2

out of 10.0

High

Weakness Type (CWE)

CWE-862 Top 25 #8

Missing Authorization

Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Exploit Likelihood: High
Typical Severity: High
OWASP Top 10: A01:2021-Broken Access Control
Abstraction Level: Class