Cyber Resilience

CVE-2025-31677

Severity: High
Published: 31 March 2025
Modified: 04 June 2025
KEV added: not listed
Patch: available
CVSS v3.1 score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS score: 0.0034 (57.1st percentile)
Risk priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-31677 is a high-severity Cross-Site Request Forgery (CSRF, CWE-352) vulnerability in the Drupal AI (Artificial Intelligence) contributed module, listed under the vendor/product name Artificial Intelligence Project / Artificial Intelligence. Its CVSS base score is 8.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 42.9% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

This vulnerability is classified as AI-related (AI category: Other Platforms; risk domain: Other ATLAS/OWASP Terms).

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-31677 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, in the Drupal AI (Artificial Intelligence) contributed module. This flaw affects versions of the module from 1.0.0 up to but not including 1.0.2 and has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability.

The vulnerability can be exploited by unauthenticated attackers over the network with low complexity; the only precondition is user interaction, such as a victim visiting a malicious webpage while logged in. Authenticated users of a Drupal site with the AI module enabled are at risk: an attacker can cause their browser to submit forged requests that perform unintended state-changing actions on the site, potentially leading to high-impact outcomes such as unauthorized data access, data modification, or denial of service.

The official Drupal security advisory SA-CONTRIB-2025-003 at https://www.drupal.org/sa-contrib-2025-003 details the issue and recommends upgrading to Drupal AI (Artificial Intelligence) version 1.0.2 or later, which resolves the CSRF protection deficiency. Site administrators should also review access controls for the module and ensure CSRF tokens are properly enforced on relevant endpoints.


Vulnerability details

Cross-Site Request Forgery (CSRF) vulnerability in Drupal AI (Artificial Intelligence) allows Cross Site Request Forgery. This issue affects AI (Artificial Intelligence): from 1.0.0 before 1.0.2.

CWE(s)

CWE-352 Cross-Site Request Forgery (CSRF)

AI Security Analysis

AI category: Other Platforms
Risk domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: none mapped
Classification reason: matched keywords "ai", "artificial intelligence"

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The CSRF vulnerability sits in the Drupal AI module, part of a public-facing web application, so an adversary can use it for initial access by having a victim's browser submit forged, authenticated requests on the victim's behalf.

CVEs Like This One

CVE-2025-31678 (same product: Artificial Intelligence Project Artificial Intelligence)
CVE-2026-3573 (same product: Artificial Intelligence Project Artificial Intelligence)
CVE-2024-7760 (shared CWE-352)
CVE-2024-37102 (shared CWE-352)
CVE-2024-37450 (shared CWE-352)
CVE-2025-23558 (shared CWE-352)
CVE-2025-68722 (shared CWE-352)
CVE-2025-31440 (shared CWE-352)
CVE-2025-23848 (shared CWE-352)
CVE-2025-22571 (shared CWE-352)

Affected Assets

Vendor: Artificial Intelligence Project
Product: Artificial Intelligence (Drupal AI module)
Affected versions: from 1.0.0 before 1.0.2

Mitigating Controls (NIST 800-53 r5)

SC-23 Session Authenticity (prevent)

Requires mechanisms such as CSRF tokens to protect session authenticity during state-changing operations, directly addressing the Drupal AI module's CSRF vulnerability.

SI-2 Flaw Remediation (prevent)

Mandates timely remediation of identified flaws, such as upgrading the vulnerable Drupal AI module from versions before 1.0.2 to the patched 1.0.2 release.

SI-10 Information Input Validation (prevent)

Enforces validation of information inputs, including CSRF tokens, at system entry points to block forged requests exploiting the vulnerability.
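The advisory's remediation guidance ("ensure CSRF tokens are properly enforced on relevant endpoints") and the SC-23 control above both come down to the synchronizer-token pattern: the server issues a secret per session, the legitimate form echoes it back, and a state-changing handler refuses any request whose token is missing or does not match. The following is an added, self-contained PHP illustration of that check; it is not code from Drupal or from the AI module, and the "save settings" handler, its HTTP status codes and the session array are assumptions made for the demonstration.

```php
<?php
// Added example, not Drupal or AI-module code: synchronizer-token CSRF check
// for a state-changing endpoint, the mechanism the SC-23 control calls for.
declare(strict_types=1);

const CSRF_TOKEN_BYTES = 32;

/** Issue one unguessable token per session and keep the server-side copy in $session. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(CSRF_TOKEN_BYTES));
    }
    return $session['csrf_token'];
}

/** Compare the token the request carries against the session copy. */
function csrf_validate(array $session, mixed $submitted): bool
{
    $expected = $session['csrf_token'] ?? null;
    if (!is_string($expected) || !is_string($submitted) || $submitted === '') {
        return false;                          // absent token: reject, never fall through
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

/**
 * Hypothetical "save AI settings" handler (an assumption, not a real module route).
 * Returns an HTTP status: 405 for non-POST, 403 when the token is missing or forged,
 * 200 when the request is accepted.
 */
function handle_save_settings(string $method, array $session, array $post): int
{
    if ($method !== 'POST') {
        return 405;                            // state changes only via POST
    }
    if (!csrf_validate($session, $post['csrf_token'] ?? null)) {
        return 403;                            // forged or tokenless request
    }
    // ... the real handler would apply the settings change here ...
    return 200;
}

/** Constructed scenarios: legitimate post, cross-site forgery, tokenless post, GET. */
function demo(): array
{
    $session = [];
    $token   = csrf_issue_token($session);     // what the server put in its own form

    return [
        'legitimate' => handle_save_settings('POST', $session, ['csrf_token' => $token]),
        // A page on another origin cannot read the victim's token, so it can only guess.
        'forged'     => handle_save_settings('POST', $session, ['csrf_token' => 'guess']),
        'no_token'   => handle_save_settings('POST', $session, []),
        'get'        => handle_save_settings('GET',  $session, []),
    ];
}

$results = demo();
if ($results !== ['legitimate' => 200, 'forged' => 403, 'no_token' => 403, 'get' => 405]) {
    throw new RuntimeException('CSRF check did not behave as expected: ' . json_encode($results));
}
echo "legitimate=200 forged=403 no_token=403 get=405\n";
```

In Drupal itself the same protection is largely built in: forms built with the Form API carry a token automatically, and a custom route that changes state can require one by declaring `_csrf_token: 'TRUE'` in its `requirements` in the module's routing file. The class of bug this CVE describes is a state-changing endpoint that reaches neither of those paths, so the practical review step is to list the module's routes and confirm every one that modifies data goes through a tokened form or carries that requirement.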
