CVE-2025-31690

8.8 HIGH

📋 TL;DR

This cross-site request forgery (CSRF) vulnerability in the Drupal Cache Utility contributed module lets an attacker make a logged-in user's browser send cache-operation requests that user never intended. The victim's session cookie authorises the forged request, so the attacker needs no credentials of their own. It affects every Drupal site running Cache Utility 1.2.0 or earlier and is fixed in 1.2.1.

💻 Affected Systems

Products:
  • Drupal Cache Utility
Versions: all releases up to and including 1.2.0 (fixed in 1.2.1)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Drupal sites with Cache Utility module installed and enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker who can lure an administrator could trigger the module's cache operations at will. Depending on what the module exposes, that could mean repeatedly flushing caches (a self-inflicted slowdown or outage under load) or, if any operation writes cache content, serving manipulated data to every visitor until the cache is rebuilt.

🟠

Likely Case

An attacker tricks an administrator into clicking a link or loading a page that fires an unauthorized cache operation, clearing or rebuilding cache entries and degrading site performance until the caches are warm again.

🟢

If Mitigated

With the patched module installed (or a CSRF token requirement enforced on the affected routes), forged requests are rejected with HTTP 403 and leave an access-denied entry in the log; impact is limited to failed attempts with no actual cache manipulation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering: the victim must be logged in to the target site with permission to run cache operations, and must click a malicious link or visit an attacker-controlled page while that session is active.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.2.1

Vendor Advisory: https://www.drupal.org/sa-contrib-2025-019

Restart Required: No

Instructions:

1. Update the Cache Utility module to version 1.2.1 via Drupal's update manager (or your usual Composer workflow).
2. Clear the Drupal cache (`drush cr`, or Configuration > Development > Performance > Clear all caches) so the rebuilt routes take effect.
3. Verify module functionality.

🔧 Temporary Workarounds

CSRF Token Enforcement

Applies to: all affected versions

Add Drupal's built-in CSRF token requirement (`_csrf_token: 'TRUE'`) to the module's cache-operation routes from a custom module that alters routes. Every link to those operations must then carry a per-session token that Drupal validates before the controller runs, which is exactly the check a forged cross-site request cannot satisfy.
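As an added example (not code from the Cache Utility module, the advisory, or Drupal core), here is how a site could bolt Drupal's own CSRF check onto another module's routes while waiting to patch. It assumes a custom module named csrf_hardening and that the module's route names start with `cache_utility.`; both are assumptions to verify (for example by listing routes with `drush route`) before relying on it.

```php
<?php

declare(strict_types=1);

namespace Drupal\csrf_hardening\Routing;

use Drupal\Core\Routing\RouteSubscriberBase;
use Symfony\Component\Routing\Route;
use Symfony\Component\Routing\RouteCollection;

/**
 * Forces Drupal's CSRF token check onto another module's routes.
 *
 * Added example, not code from the Cache Utility module or the advisory.
 * "csrf_hardening" is an assumed custom-module name; the route-name prefix
 * below is an assumption too (list the real names with `drush route`).
 *
 * Register the subscriber in csrf_hardening.services.yml:
 *   services:
 *     csrf_hardening.route_subscriber:
 *       class: Drupal\csrf_hardening\Routing\RouteSubscriber
 *       tags:
 *         - { name: event_subscriber }
 * then run `drush cr` so the router is rebuilt with the new requirement.
 */
final class RouteSubscriber extends RouteSubscriberBase {

  /**
   * Route-name prefixes to harden (assumption; adjust to the module's routes).
   */
  private const ROUTE_PREFIXES = ['cache_utility.'];

  /**
   * {@inheritdoc}
   */
  protected function alterRoutes(RouteCollection $collection): void {
    foreach ($collection->all() as $name => $route) {
      if (self::isTargetRoute($name)) {
        self::requireCsrfToken($route);
      }
    }
  }

  /**
   * Matches a route name against the configured prefixes.
   */
  public static function isTargetRoute(string $routeName): bool {
    foreach (self::ROUTE_PREFIXES as $prefix) {
      if (str_starts_with($routeName, $prefix)) {
        return TRUE;
      }
    }
    return FALSE;
  }

  /**
   * Weak vs. hardened route definition.
   *
   * Before (equivalent routing.yml): access depends on a permission only, so
   * a forged cross-site request riding on an admin's session cookie passes.
   *   requirements:
   *     _permission: 'administer site configuration'
   *
   * After: the route also demands a valid "token" query parameter. Drupal's
   * URL generator appends it automatically to links built via Url::fromRoute()
   * or Link for routes carrying this requirement, and CsrfAccessCheck rejects
   * requests whose token does not match the current session with HTTP 403.
   *   requirements:
   *     _permission: 'administer site configuration'
   *     _csrf_token: 'TRUE'
   */
  public static function requireCsrfToken(Route $route): void {
    $route->setRequirement('_csrf_token', 'TRUE');
  }

}
```

The `token` query parameter is only appended to links built through Drupal's URL generator (Url::fromRoute(), Link, or a render array with `#type => 'link'`). If the module hardcodes paths in templates or JavaScript, those buttons will start returning 403 once this subscriber is enabled; that is the requirement doing its job, but if it breaks the module's own UI, disabling the module until 1.2.1 is installed is the safer choice. Forms built with Form API already carry a form token, so this workaround matters for link- or route-triggered operations.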

🧯 If You Can't Patch

  • Disable the Cache Utility module if it is not essential (`drush pm:uninstall cache_utility`, using the machine name shown in the verification commands below); an uninstalled module exposes no routes.
  • Add web application firewall rules that block requests to the module's admin paths when the Origin/Referer header is missing or names a host other than your own site. A WAF cannot validate Drupal's per-session tokens, so this only raises the bar, and browsers under a no-referrer policy will also trip these rules.

🔍 How to Verify

Check if Vulnerable:

Check the Cache Utility version in the Drupal admin UI at /admin/modules (or the Available updates report at /admin/reports/updates), or from the command line with `drush pm-list | grep cache_utility`. Any enabled install at version 1.2.0 or below is vulnerable.

Check Version:

drush pm-list --fields=name,version | grep cache_utility

Verify Fix Applied:

Confirm Cache Utility reports version 1.2.1 or higher, then exercise a cache operation from the admin UI and replay the same request with its CSRF token removed (or from a page on another origin): the patched module should reject it with HTTP 403 instead of performing the operation.

📡 Detection & Monitoring

Log Indicators:

  • Repeated cache-operation requests with no Referer header, or with a Referer from a foreign origin
  • Cache operations from IPs, user agents or hours that do not match the administrators' normal pattern
  • After patching or hardening: bursts of HTTP 403 responses on the module's routes (rejected forgeries)

Network Indicators:

  • Requests to the module's cache endpoints without the `token` query parameter (a POSTed Form API token travels in the body and is not visible in access logs, so rely on Origin/Referer for POSTs)
  • Cache operations whose Origin or Referer names an external domain

SIEM Query:

web_requests WHERE (uri CONTAINS '/cache' OR uri CONTAINS '/admin/config/development/performance') AND csrf_token IS NULL

Here `csrf_token` stands for the `token` query parameter, which only appears in your data if the access logs keep the query string; tighten `uri CONTAINS '/cache'` to the module's actual route paths so unrelated cacheable URLs do not match.
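The indicators above can be turned into a log scan. The script below is an added example, not part of the advisory or the Cache Utility module; it assumes the site's hostname (example.org) and a placeholder path prefix for the module's cache-operation routes, and the log lines embedded in it are constructed rather than real traffic.

```php
<?php

declare(strict_types=1);

// Added example, not part of the advisory or the Cache Utility module: scan a
// combined-format web access log for cache-operation requests that carry no
// Drupal CSRF "token" query parameter or arrive with a missing / cross-site
// Referer. Assumptions to adjust: the site's own hostname and the path
// prefixes of the module's cache-operation routes (placeholders below).
const SITE_HOST = 'example.org';
const CACHE_PATH_PREFIXES = ['/admin/config/development/performance/cache-utility'];

// ip ident user [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';

/** Parse one access-log line into fields; NULL if it does not match the format. */
function parseLine(string $line): ?array {
  if (!preg_match(LOG_RE, $line, $m)) {
    return NULL;
  }
  $url = parse_url($m[5]);
  $query = [];
  parse_str($url['query'] ?? '', $query);
  return [
    'ip' => $m[1], 'user' => $m[2], 'time' => $m[3], 'method' => $m[4],
    'path' => $url['path'] ?? $m[5], 'query' => $query,
    'status' => (int) $m[6], 'referer' => $m[7], 'ua' => $m[8],
  ];
}

/** TRUE when the path belongs to one of the watched cache-operation routes. */
function isCacheOperation(string $path): bool {
  foreach (CACHE_PATH_PREFIXES as $prefix) {
    if (str_starts_with($path, $prefix)) {
      return TRUE;
    }
  }
  return FALSE;
}

/** Reasons a parsed request looks forged; empty array if it looks legitimate. */
function suspicionReasons(array $r): array {
  if (!isCacheOperation($r['path'])) {
    return [];
  }
  $reasons = [];
  // Drupal's _csrf_token check expects ?token=...; the form token of a POSTed
  // Form API form lives in the body and is not logged, so for POSTs the
  // Referer check below is the only signal available here.
  if ($r['method'] !== 'POST' && !isset($r['query']['token'])) {
    $reasons[] = 'no token query parameter';
  }
  $refHost = $r['referer'] === '-' ? NULL : (parse_url($r['referer'], PHP_URL_HOST) ?: NULL);
  if ($refHost === NULL) {
    $reasons[] = 'missing Referer';
  }
  elseif (strcasecmp($refHost, SITE_HOST) !== 0) {
    $reasons[] = "cross-site Referer ($refHost)";
  }
  return $reasons;
}

/** Return every flagged request together with the reasons it was flagged. */
function scanLog(string $log): array {
  $hits = [];
  foreach (preg_split('/\R/', trim($log)) as $line) {
    $r = parseLine($line);
    if ($r !== NULL && ($reasons = suspicionReasons($r)) !== []) {
      $hits[] = ['request' => $r, 'reasons' => $reasons];
    }
  }
  return $hits;
}

// Constructed sample traffic (not real log data). Line 2 is a legitimate
// token-bearing click; lines 3 and 4 are what a CSRF lure would produce.
const SAMPLE_LOG = <<<'LOG'
203.0.113.5 - admin [12/May/2025:10:00:01 +0000] "GET /admin/config/development/performance HTTP/1.1" 200 5120 "https://example.org/admin" "Mozilla/5.0"
203.0.113.5 - admin [12/May/2025:10:00:09 +0000] "GET /admin/config/development/performance/cache-utility/clear?token=Nn4K2q HTTP/1.1" 302 0 "https://example.org/admin/config/development/performance" "Mozilla/5.0"
198.51.100.7 - admin [12/May/2025:10:06:13 +0000] "GET /admin/config/development/performance/cache-utility/clear HTTP/1.1" 302 0 "https://attacker.test/lure.html" "Mozilla/5.0"
198.51.100.7 - admin [12/May/2025:10:06:20 +0000] "POST /admin/config/development/performance/cache-utility/clear HTTP/1.1" 302 0 "-" "Mozilla/5.0"
LOG;

foreach (scanLog(SAMPLE_LOG) as $hit) {
  $r = $hit['request'];
  printf("%s %s %s %s %s -> %s\n", $r['time'], $r['ip'], $r['user'], $r['method'], $r['path'], implode('; ', $hit['reasons']));
}
```

Run it with `php scan.php` (PHP 8 or later) and point `SAMPLE_LOG` at real log contents to use it for triage. Treat the output as leads, not proof: browsers under a no-referrer policy also produce missing-Referer hits, and a request that carries a token may still have been rejected, so check the HTTP status column too (Drupal answers an invalid token with 403, a successful forgery on the unpatched module with the operation's normal redirect or 200).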

🔗 References
