CVE-2025-31674

High

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object…

drupal·CWE-915·Published 2025-03-31

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

279 chars

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

NVDen

279 chars

OSV.deven

279 chars

GHSAen

279 chars

NVDes

326 chars

Vulnerabilidad de modificación incorrectamente controlada de atributos de objetos determinados dinámicamente en Drupal Drupal core permite la inyección de objetos. Este problema afecta al núcleo de Drupal: desde 8.0.0 antes de 10.3.13, desde 10.4.0 antes de 10.4.3, desde 11.0.0 antes de 11.0.12, desde 11.1.0 antes de 11.1.3.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0	Secondary	GHSA	4.5	—	—	CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U