CVE-2025-31675

5.4 MEDIUM

📋 TL;DR

This CVE describes a cross-site scripting (XSS) vulnerability in Drupal core that allows attackers to inject malicious scripts into web pages. The vulnerability affects Drupal installations running affected versions, potentially compromising user sessions and data. All Drupal sites using vulnerable versions are at risk.

💻 Affected Systems

Products:
  • Drupal core
Versions: Drupal 8.0.0 to 10.3.13, 10.4.0 to 10.4.4, 11.0.0 to 11.0.12, 11.1.0 to 11.1.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All Drupal installations using affected versions are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, hijack user sessions, deface websites, or redirect users to malicious sites, potentially leading to complete site compromise.

🟠 Likely Case

Attackers inject malicious scripts to steal user session cookies or credentials, perform actions on behalf of users, or deliver malware through the compromised site.

🟢 If Mitigated

With proper input validation and output encoding controls, the impact is limited to potential script execution in specific contexts, but user data remains protected.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity and can be exploited without authentication in many cases.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Drupal 10.3.14, 10.4.5, 11.0.13, 11.1.5 or later

Vendor Advisory: https://www.drupal.org/sa-core-2025-004

Restart Required: No

Instructions:

1. Back up your Drupal site and database.
2. Update Drupal core to the patched version using Composer or a manual update.
3. Clear all caches.
4. Verify the update was successful.

🔧 Temporary Workarounds

Input sanitization (all)

Implement additional input validation and output encoding for user-supplied data

Content Security Policy (all)

Implement strict CSP headers to mitigate XSS impact

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads
  • Restrict user input fields and implement strict output encoding

🔍 How to Verify

Check if Vulnerable:

Check the Drupal core version on the admin/reports/status page or with the drush status command

Check Version:

Run: drush status | grep 'Drupal version'   (or check the admin/reports/status page)

Verify Fix Applied:

Verify Drupal version is 10.3.14+, 10.4.5+, 11.0.13+, or 11.1.5+
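The version check above, as an added example that is not part of this page, Drupal or Drush: the script compares a parsed major.minor.patch tuple against the affected ranges listed under Affected Systems and reports the first fixed release on the same branch from the Official Fix section. The drush status output embedded below is constructed, and the row format it parses (a "Drupal version : x.y.z" line) is assumed.

```python
"""Added example: check a Drupal core version against the affected ranges
listed for CVE-2025-31675. Not Drupal's or Drush's own code; the sample
`drush status` output below is constructed."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Inclusive (lower, upper) affected ranges, exactly as listed on this page.
AFFECTED_RANGES = [
    ((8, 0, 0), (10, 3, 13)),
    ((10, 4, 0), (10, 4, 4)),
    ((11, 0, 0), (11, 0, 12)),
    ((11, 1, 0), (11, 1, 4)),
]

# First fixed release on each branch, from the Official Fix section.
FIXED_VERSIONS = [(10, 3, 14), (10, 4, 5), (11, 0, 13), (11, 1, 5)]


def parse_version(text: str) -> Optional[Version]:
    """Extract major.minor.patch from strings like '10.3.12' or '10.4.4-dev'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> bool:
    """True if the version falls inside one of the listed affected ranges."""
    v = parse_version(version)
    if v is None:
        raise ValueError(f"unrecognised Drupal version string: {version!r}")
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def fixed_version_for(version: str) -> Optional[Version]:
    """First fixed release on the same major.minor branch, if the page lists one.

    Returns None for branches without a listed fix (e.g. 9.x), which means
    the site has to move to a branch that does have one."""
    v = parse_version(version)
    if v is None:
        return None
    for fixed in FIXED_VERSIONS:
        if fixed[:2] == v[:2]:
            return fixed
    return None


def version_from_drush_status(output: str) -> Optional[str]:
    """Pull the value of the 'Drupal version' row out of `drush status` text output."""
    for line in output.splitlines():
        if "Drupal version" in line and ":" in line:
            return line.split(":", 1)[1].strip()
    return None


# Constructed sample of `drush status` output (not captured from a real site).
SAMPLE_DRUSH_STATUS = """\
 Drupal version   : 10.3.12
 Site URI         : http://default
 DB driver        : mysql
 Drupal bootstrap : Successful
"""

if __name__ == "__main__":
    found = version_from_drush_status(SAMPLE_DRUSH_STATUS)
    print(f"reported version: {found}")
    if found and is_vulnerable(found):
        fixed = fixed_version_for(found)
        target = ".".join(map(str, fixed)) if fixed else "a branch with a listed fixed release"
        print(f"VULNERABLE: upgrade to {target} or later")
    else:
        print("not within the affected ranges listed for CVE-2025-31675")
```

A version outside every listed range (for example 10.5.x) is reported as not affected by this check; that only means the page does not list it, so confirm against the vendor advisory before closing the finding.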

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests with script tags or JavaScript payloads
  • Multiple failed input validation attempts

Network Indicators:

  • HTTP requests containing script tags or JavaScript in parameters
  • Unusual outbound connections from user browsers

SIEM Query:

web.logs: * AND (script OR javascript OR onload OR onerror) AND status:200
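The log and network indicators above, applied to web server access logs as an added example (not code from this page, Drupal or any SIEM): the function parses combined-format access log lines, keeps only status 200 responses as the SIEM query does, URL-decodes and lowercases the request target, and matches tightened forms of the page's four indicator tokens. The log lines are constructed, and the tightened tokens are a design choice of this example, not the page's query.

```python
"""Added example: apply this page's log indicators to web server access
logs. Not Drupal's or any SIEM vendor's code; the log lines are constructed."""
import re
from urllib.parse import unquote_plus
from typing import Dict, List

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Tightened forms of the page's indicator tokens (script, javascript, onload,
# onerror): the bare words match far too much ordinary traffic.
INDICATORS = ("<script", "javascript:", "onload=", "onerror=")


def flag_suspicious(lines: List[str]) -> List[Dict[str, object]]:
    """Return status-200 requests whose URL-decoded target contains an indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines rather than failing the whole batch
        if m.group("status") != "200":
            continue  # the page's query only considers successful responses
        # Decode percent-encoding (and '+') and lowercase before matching,
        # since payloads in query strings are almost always URL-encoded.
        decoded = unquote_plus(m.group("target")).lower()
        matched = [tok for tok in INDICATORS if tok in decoded]
        if matched:
            hits.append({"ip": m.group("ip"), "target": m.group("target"),
                         "status": int(m.group("status")), "matched": matched})
    return hits


# Constructed sample lines (documentation IP range, not real traffic).
LOG_LINES = """\
203.0.113.10 - - [10/Apr/2025:12:00:01 +0000] "GET /node/5?comment=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 5123
203.0.113.11 - - [10/Apr/2025:12:00:02 +0000] "GET /subscription HTTP/1.1" 200 812
203.0.113.12 - - [10/Apr/2025:12:00:03 +0000] "GET /search?keys=onerror%3Dx HTTP/1.1" 403 221
203.0.113.13 - - [10/Apr/2025:12:00:04 +0000] "GET /search?keys=ONERROR%3Dx HTTP/1.1" 200 3001
""".splitlines()

if __name__ == "__main__":
    for hit in flag_suspicious(LOG_LINES):
        print(hit)
```

Only the first and last sample lines are flagged: /subscription contains the bare word "script" but not a tag, and the third line is a 403 that the status filter drops. POST bodies are not in access logs, so the page's "unusual POST requests" indicator needs application or WAF logging rather than this parser.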

🔗 References
