CVE-2025-31689

Published: Mar 31, 2025Modified: Sep 2, 2025

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Cross-Site Request Forgery (CSRF) vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2.

Affected (2)

Products: General Data Protection Regulation Project: General Data Protection Regulation

General Data Protection Regulation Project

1 product

General Data Protection Regulation

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
General Data Protection Regulation Project General Data Protection Regulation	Before 3.0.1
General Data Protection Regulation Project General Data Protection Regulation	From 3.1.0 to 3.1.2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

https://www.drupal.org/sa-contrib-2025-018

Source: mlhess@drupal.org

Third Party Advisory

Timeline

No history available yet.