Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3131

Cross-Site Request Forgery (CSRF) vulnerability in Drupal ECA: Event - Condition - Action allows Cross Site Request Forgery.This issue affects ECA: Event - Condition - Action: from 0.0.0 before 1.1.12, from 2.0.0 before 2.0.16, from 2.1.0 before 2.1.7, from 0.0.0 before 1.2.*.

Published

2025-04-09T18:15:50.950

Last Modified

2025-04-22T16:16:30.543

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-352
Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	drupal	eca\	< 1.1.12	Yes
Application	drupal	eca\	< 2.0.16	Yes
Application	drupal	eca\	< 2.1.7	Yes

References

https://www.drupal.org/sa-contrib-2025-031 Vendor Advisory ([email protected])