CVE-2025-31673

MEDIUM Year: 2025
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-863
View all →

Vulnerability Description

Incorrect Authorization vulnerability in Drupal Drupal core allows Forceful Browsing.This issue affects Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, from 11.1.0 before 11.1.3.

Related Vulnerabilities

CVE-2017-16778

MEDIUM
CVSS:4.6(Medium)

An access control weakness in the DTMF tone receiver of Fermax Outdoor Panel allows physical attackers to inject a Dual-Tone-Multi-Frequency (DTMF) tone to invoke an access grant that would allow phys...

CWE-8632017

CVE-2018-7926

MEDIUM
CVSS:4.6(Medium)

Huawei Watch 2 with versions and earlier than OWDD.180707.001.E1 have an improper authorization vulnerability. Due to improper permission configuration for specific operations, an attacker who obtaine...

CWE-8632018

CVE-2018-7988

MEDIUM
CVSS:4.6(Medium)

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone t...

CWE-8632018

CVE-2019-5220

MEDIUM
CVSS:4.6(Medium)

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step ...

CWE-8632019

CVE-2019-5231

MEDIUM
CVSS:4.6(Medium)

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts...

CWE-8632019

CVE-2020-0473

MEDIUM
CVSS:4.6(Medium)

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing an attacker with physical p...

CWE-8632020