CVE-2025-31674
HIGHDescription
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.
Is your site exposed to CVE-2025-31674?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| drupal | drupal |
| drupal | drupal |
| drupal | drupal |
| drupal | drupal |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-31674? +
How severe is CVE-2025-31674? +
What products are affected by CVE-2025-31674? +
How do I check if I'm vulnerable to CVE-2025-31674? +
Related Vulnerabilities
9Router is an AI router & token saver. Prior to 0.5.4, the PATCH /api/settings endpoint writes the entire request body …
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. …
A Privilege Escalation through a Mass Assignment exists in Camaleon CMS When a user wishes to change his password, the …
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable …
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity …
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or …