{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-7031", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2025-07-02T16:07:06.702Z", "datePublished": "2025-07-08T20:54:28.253Z", "dateUpdated": "2025-07-10T14:15:57.161Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://www.drupal.org/project/config_pages_viewer", "defaultStatus": "unaffected", "product": "Config Pages Viewer", "repo": "https://git.drupalcode.org/project/config_pages_viewer", "vendor": "Drupal", "versions": [{"lessThan": "1.0.4", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pierre Rudloff (prudloff)"}, {"lang": "en", "type": "remediation developer", "value": "drdam"}, {"lang": "en", "type": "remediation developer", "value": "Pierre Rudloff (prudloff)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "datePublic": "2025-07-02T17:37:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4.</p>"}], "value": "Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2025-07-08T20:54:28.253Z"}, "references": [{"url": "https://www.drupal.org/sa-contrib-2025-086"}], "source": {"discovery": "UNKNOWN"}, "title": "Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-10T14:15:12.628992Z", "id": "CVE-2025-7031", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-10T14:15:57.161Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-7031", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-10T14:15:12.628992Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-10T14:15:38.863Z"}}], "cna": {"title": "Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Pierre Rudloff (prudloff)"}, {"lang": "en", "type": "remediation developer", "value": "drdam"}, {"lang": "en", "type": "remediation developer", "value": "Pierre Rudloff (prudloff)"}, {"lang": "en", "type": "coordinator", "value": "Greg Knaddison (greggles)"}, {"lang": "en", "type": "coordinator", "value": "Juraj Nemec (poker10)"}, {"lang": "en", "type": "coordinator", "value": "Jess (xjm)"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/config_pages_viewer", "vendor": "Drupal", "product": "Config Pages Viewer", "versions": [{"status": "affected", "version": "0.0.0", "lessThan": "1.0.4", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/config_pages_viewer", "defaultStatus": "unaffected"}], "datePublic": "2025-07-02T17:37:00.000Z", "references": [{"url": "https://www.drupal.org/sa-contrib-2025-086"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4.", "supportingMedia": [{"type": "text/html", "value": "Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2025-07-08T20:54:28.253Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7031", "state": "PUBLISHED", "dateUpdated": "2025-07-10T14:15:57.161Z", "dateReserved": "2025-07-02T16:07:06.702Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2025-07-08T20:54:28.253Z", "assignerShortName": "drupal"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:config_pages_viewer_project:config_pages_viewer:*:*:*:*:*:drupal:*:*", "matchCriteriaId": "2B6F9219-10D5-4B0E-8EAA-0B75BD8137FB", "versionEndExcluding": "1.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function vulnerability in Drupal Config Pages Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Config Pages Viewer: from 0.0.0 before 1.0.4."}, {"lang": "es", "value": "La vulnerabilidad de autenticaci\u00f3n faltante para funciones cr\u00edticas en Drupal Config Pages Viewer permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al Visor de p\u00e1ginas de configuraci\u00f3n: desde la versi\u00f3n 0.0.0 hasta la 1.0.4."}], "id": "CVE-2025-7031", "lastModified": "2025-09-04T17:07:53.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-08T21:15:28.907", "references": [{"source": "mlhess@drupal.org", "tags": ["Third Party Advisory"], "url": "https://www.drupal.org/sa-contrib-2025-086"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "mlhess@drupal.org", "type": "Secondary"}]}

{}