CVE-2025-31678
Published: 31 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-31678 is a missing authorization vulnerability, classified under CWE-862, in the Drupal AI (Artificial Intelligence) module that enables forced browsing: functionality that should be gated by an access check can be reached without it. This issue affects all versions of the AI module from 0.0.0 up to but excluding 1.0.3. The vulnerability carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H), rated high severity primarily because of its potential for significant availability disruption.
Remote attackers need no privileges or user interaction and can exploit the flaw over the network with low attack complexity. Successful exploitation gives limited access to confidential information (C:L) together with high-impact denial of service (A:H), such as resource exhaustion or service disruption on affected Drupal sites running vulnerable AI module versions.
The official Drupal security advisory at https://www.drupal.org/sa-contrib-2025-004 details the issue and recommends updating the AI (Artificial Intelligence) module to version 1.0.3 or later as the primary mitigation.
The vulnerability lies in a Drupal module that exposes artificial intelligence features, illustrating the access-control risks that come with AI-integrated web applications. No public information on real-world exploitation was available as of the CVE publication on 2025-03-31.
Details
- CWE(s): CWE-862 (Missing Authorization)
- Affected Products: Drupal AI (Artificial Intelligence) module, versions 0.0.0 up to but excluding 1.0.3
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: The vulnerability affects 'Drupal AI (Artificial Intelligence)', a module for integrating AI functionalities into the Drupal CMS platform. It fits under 'Other Platforms' because it is a platform-specific AI extension rather than a core framework, library, or specialized AI tool.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Missing authorization in the Drupal AI module enables forced browsing, which facilitates exploitation of a public-facing web application as the initial access vector.