{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31675", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "state": "PUBLISHED", "assignerShortName": "drupal", "dateReserved": "2025-03-31T21:30:04.614Z", "datePublished": "2025-03-31T21:35:20.059Z", "dateUpdated": "2026-04-02T22:35:46.920Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-04-02T22:35:46.920Z"}, "title": "Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004", "datePublic": "2025-03-19T18:54:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"vendor": "Drupal", "product": "Drupal core", "collectionURL": "https://www.drupal.org/project/drupal", "repo": "https://git.drupalcode.org/project/drupal", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "10.3.14", "versionType": "semver"}, {"status": "affected", "version": "10.4.0", "lessThan": "10.4.5", "versionType": "semver"}, {"status": "affected", "version": "11.0.0", "lessThan": "11.0.13", "versionType": "semver"}, {"status": "affected", "version": "11.1.0", "lessThan": "11.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Drupal", "product": "Link", "collectionURL": "https://www.drupal.org/project/link", "repo": "https://git.drupalcode.org/project/link", "versions": [{"status": "affected", "version": "7.x-1.0", "lessThanOrEqual": "7.x-1.12", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.\u00a0It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).<p>This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.&nbsp;It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12.</p>"}]}], "references": [{"url": "https://www.drupal.org/sa-core-2025-004", "tags": ["vendor-advisory"]}, {"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675", "tags": ["third-party-advisory"]}, {"url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004", "tags": ["third-party-advisory"]}], "credits": [{"lang": "en", "value": "Samuel Mortenson (samuel.mortenson)", "type": "finder"}, {"lang": "en", "value": "Benji Fisher (benjifisher)", "type": "remediation developer"}, {"lang": "en", "value": "Bram Driesen (bramdriesen)", "type": "remediation developer"}, {"lang": "en", "value": "Alex Bronstein (effulgentsia)", "type": "remediation developer"}, {"lang": "en", "value": "Jen Lampton (jenlampton)", "type": "remediation developer"}, {"lang": "en", "value": "Lee Rowlands (larowlan)", "type": "remediation developer"}, {"lang": "en", "value": "Dave Long (longwave)", "type": "remediation developer"}, {"lang": "en", "value": "Drew Webber (mcdruid)", "type": "remediation developer"}, {"lang": "en", "value": "Joseph Zhao (pandaski)", "type": "remediation developer"}, {"lang": "en", "value": "Adam G-H (phenaproxima)", "type": "remediation developer"}, {"lang": "en", "value": "Samuel Mortenson (samuel.mortenson)", "type": "remediation developer"}, {"lang": "en", "value": "Jess (xjm)", "type": "remediation developer"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T18:21:31.894556Z", "id": "CVE-2025-31675", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T15:45:10.519Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31675", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T18:21:31.894556Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-29T15:45:06.701Z"}}], "cna": {"title": "Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Samuel Mortenson (samuel.mortenson)"}, {"lang": "en", "type": "remediation developer", "value": "Benji Fisher (benjifisher)"}, {"lang": "en", "type": "remediation developer", "value": "Bram Driesen (bramdriesen)"}, {"lang": "en", "type": "remediation developer", "value": "Alex Bronstein (effulgentsia)"}, {"lang": "en", "type": "remediation developer", "value": "Jen Lampton (jenlampton)"}, {"lang": "en", "type": "remediation developer", "value": "Lee Rowlands (larowlan)"}, {"lang": "en", "type": "remediation developer", "value": "Dave Long (longwave)"}, {"lang": "en", "type": "remediation developer", "value": "Drew Webber (mcdruid)"}, {"lang": "en", "type": "remediation developer", "value": "Joseph Zhao (pandaski)"}, {"lang": "en", "type": "remediation developer", "value": "Adam G-H (phenaproxima)"}, {"lang": "en", "type": "remediation developer", "value": "Samuel Mortenson (samuel.mortenson)"}, {"lang": "en", "type": "remediation developer", "value": "Jess (xjm)"}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 Cross-Site Scripting (XSS)"}]}], "affected": [{"repo": "https://git.drupalcode.org/project/drupal", "vendor": "Drupal", "product": "Drupal core", "versions": [{"status": "affected", "version": "8.0.0", "lessThan": "10.3.14", "versionType": "semver"}, {"status": "affected", "version": "10.4.0", "lessThan": "10.4.5", "versionType": "semver"}, {"status": "affected", "version": "11.0.0", "lessThan": "11.0.13", "versionType": "semver"}, {"status": "affected", "version": "11.1.0", "lessThan": "11.1.5", "versionType": "semver"}], "collectionURL": "https://www.drupal.org/project/drupal", "defaultStatus": "unaffected"}, {"repo": "https://git.drupalcode.org/project/link", "vendor": "Drupal", "product": "Link", "versions": [{"status": "affected", "version": "7.x-1.0", "versionType": "custom", "lessThanOrEqual": "7.x-1.12"}], "collectionURL": "https://www.drupal.org/project/link", "defaultStatus": "unaffected"}], "datePublic": "2025-03-19T18:54:00.000Z", "references": [{"url": "https://www.drupal.org/sa-core-2025-004", "tags": ["vendor-advisory"]}, {"url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675", "tags": ["third-party-advisory"]}, {"url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.\u00a0It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).<p>This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.&nbsp;It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "shortName": "drupal", "dateUpdated": "2026-04-02T22:35:46.920Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31675", "state": "PUBLISHED", "dateUpdated": "2026-04-02T22:35:46.920Z", "dateReserved": "2025-03-31T21:30:04.614Z", "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387", "datePublished": "2025-03-31T21:35:20.059Z", "assignerShortName": "drupal"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "5203ABED-9A31-41A8-9A2E-51114DB3806C", "versionEndExcluding": "10.3.14", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A7811E7-6793-4CE0-B866-B72B59415A5F", "versionEndExcluding": "10.4.5", "versionStartIncluding": "10.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "CDD587C1-9A62-4104-92B3-65B6E04BDC95", "versionEndExcluding": "11.0.13", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*", "matchCriteriaId": "13E1698C-D69F-4B55-B7B9-1E0F0A7888D6", "versionEndExcluding": "11.1.5", "versionStartIncluding": "11.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS).This issue affects Drupal core: from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, from 11.1.0 before 11.1.5.\u00a0It also affects the Drupal 7 module from versions 7.x-1.0 through 7.x-1.12."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Drupal Drupal core permite Cross-Site Scripting (XSS). Este problema afecta al n\u00facleo de Drupal: desde la versi\u00f3n 8.0.0 hasta la 10.3.14, desde la versi\u00f3n 10.4.0 hasta la 10.4.5, desde la versi\u00f3n 11.0.0 hasta la 11.0.13, desde la versi\u00f3n 11.1.0 hasta la 11.1.5."}], "id": "CVE-2025-31675", "lastModified": "2026-04-02T23:17:04.443", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-31T22:15:20.003", "references": [{"source": "mlhess@drupal.org", "url": "https://d7es.tag1.com/security-advisories/link-moderately-critical-cross-site-scripting-sa-core-2025-004"}, {"source": "mlhess@drupal.org", "tags": ["Vendor Advisory"], "url": "https://www.drupal.org/sa-core-2025-004"}, {"source": "mlhess@drupal.org", "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-31675"}], "sourceIdentifier": "mlhess@drupal.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "mlhess@drupal.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T19:06:04.200854+00:00", "value": {"mitigation_remediation": ["Update Drupal core to at least 10.3.14, 10.4.5, 11.0.13, or 11.1.5, or later, and upgrade the Drupal\u00a07 Link module to 7.x-1.12 or newer.", "If upgrading immediately is not feasible, disable the Drupal\u00a07 Link module or restrict its usage to trusted accounts, and apply client\u2011side sanitization as a temporary measure.", "Deploy a strict Content Security Policy and validate or encode all user input before rendering it to mitigate potential XSS vectors."], "summary": {"action": "Patch", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Drupal core from version 8.0.0 up to 10.3.13, from 10.4.0 up to 10.4.4, from 11.0.0 up to 11.0.12, and from 11.1.0 up to 11.1.4. It also impacts the Drupal\u00a07 Link module versions 7.x-1.0 through 7.x-1.12.", "description_and_impact": "An improperly neutralized input during web page generation in Drupal core permits cross\u2011site scripting (XSS). This flaw allows an attacker to inject and execute arbitrary JavaScript in the context of a victim\u2019s browser. Based on the description, the attack vector is inferred to be remote, reliant on the ability to submit content that is rendered without sufficient sanitization.", "risk_and_exploitability": "The CVSS score of 5.4 indicates moderate severity, while an EPSS score below 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA KEV. Based on the description, the attack vector is inferred to be remote, allowing an attacker who can submit content rendered without sufficient sanitization to inject malicious scripts."}}}}, "created": "2026-04-28T19:15:25.444038+00:00", "updated": "2026-04-28T19:15:25.444047+00:00", "vendors": []}