Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31691

Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0.

Published

2025-03-31T22:15:21.737

Last Modified

2025-09-02T18:35:15.883

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-862
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application oauth2_server_project oauth2_server < 2.1.0 Yes
References