CVE-2025-31673: 
PHP vulnerability analysis and mitigation

Incorrect Authorization vulnerability identified in Drupal core (CVE-2025-31673) allows Forceful Browsing. The vulnerability affects multiple versions of Drupal core: from 8.0.0 before 10.3.13, from 10.4.0 before 10.4.3, from 11.0.0 before 11.0.12, and from 11.1.0 before 11.1.3. The issue was disclosed on March 31, 2025 (NVD).

The vulnerability is classified as an Incorrect Authorization issue (CWE-863) that enables unauthorized forceful browsing attacks. While specific technical exploitation details are limited in public sources, the vulnerability appears to be related to improper access control mechanisms in Drupal core that could allow attackers to bypass intended authorization restrictions (CVE Mitre).

The vulnerability could potentially allow attackers to access restricted content or functionality through forceful browsing techniques, bypassing intended access controls. This could lead to unauthorized access to sensitive information or functionality within Drupal-powered websites.

Users are strongly advised to upgrade to the latest patched versions: 10.3.13 or later for the 10.3.x series, 10.4.3 or later for the 10.4.x series, 11.0.12 or later for the 11.0.x series, or 11.1.3 or later for the 11.1.x series (NVD).