CVE-2025-31675: 
PHP vulnerability analysis and mitigation

CVE-2025-31675 is a Cross-Site Scripting (XSS) vulnerability discovered in Drupal core that affects multiple versions of the software. The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation issue. This vulnerability affects Drupal core versions from 8.0.0 before 10.3.14, from 10.4.0 before 10.4.5, from 11.0.0 before 11.0.13, and from 11.1.0 before 11.1.5 (NVD).

The vulnerability is categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation), which allows for Cross-Site Scripting attacks. The issue stems from improper input validation in the web page generation process of Drupal core, potentially allowing malicious actors to inject and execute unauthorized scripts (NVD).

If exploited, this Cross-Site Scripting vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the affected user's browser (NVD).

Users are advised to upgrade to the latest secure version of Drupal core: version 10.3.14 for the 10.3.x branch, version 10.4.5 for the 10.4.x branch, version 11.0.13 for the 11.0.x branch, or version 11.1.5 for the 11.1.x branch (NVD).