CVE-2025-31684 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Drupal OAuth2 Client module, affecting versions prior to 4.1.3. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged HTTP request to a web application in which the user is currently authenticated. In this case, the OAuth2 Client module in Drupal does not adequately verify the origin or intent of requests, enabling attackers to perform unauthorized actions on behalf of the user without their consent. The vulnerability is classified under CWE-352, which specifically addresses CSRF issues. The CVSS 3.1 base score is 6.8, indicating a medium severity level, with the vector string AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H. This means the attack can be executed remotely over the network, requires high attack complexity, no privileges, but does require user interaction. The impact affects integrity and availability, but not confidentiality. Exploitation could lead to unauthorized modification of OAuth2 client configurations or disruption of OAuth2 authentication flows, potentially causing denial of service or unauthorized privilege escalation within the affected Drupal environment. No known exploits are currently reported in the wild, and no official patches have been linked yet, though the fixed version is 4.1.3 or later. This vulnerability is particularly relevant for Drupal installations that use the OAuth2 Client module to integrate with external identity providers or services, which is common in enterprise and government web applications.

For European organizations, the impact of this vulnerability can be significant, especially for those relying on Drupal-based web portals for critical business operations, customer identity management, or internal authentication workflows. Exploitation could allow attackers to manipulate OAuth2 authentication flows, potentially granting unauthorized access or disrupting service availability. This could lead to service outages, loss of trust from users, and compliance issues under regulations such as GDPR if user data or authentication integrity is compromised. Organizations in sectors such as finance, healthcare, public administration, and e-commerce, which often use OAuth2 for secure authentication, may face operational disruptions and reputational damage. Additionally, the medium severity and requirement for user interaction mean targeted phishing or social engineering campaigns could be used to trigger the exploit, increasing risk in environments with less user security awareness.

1. Upgrade the Drupal OAuth2 Client module to version 4.1.3 or later immediately once available to apply the official fix. 2. Implement strict Content Security Policy (CSP) headers to restrict the origins from which requests can be made to the Drupal instance, reducing the risk of CSRF attacks. 3. Employ anti-CSRF tokens in all state-changing requests within the OAuth2 Client workflows, ensuring that requests are validated for authenticity. 4. Conduct user awareness training focused on phishing and social engineering to reduce the likelihood of users inadvertently triggering CSRF attacks. 5. Monitor web server logs and application logs for unusual OAuth2 client configuration changes or suspicious request patterns indicative of CSRF exploitation attempts. 6. Where possible, restrict OAuth2 client administrative actions to IP ranges or VPNs to limit exposure. 7. Use web application firewalls (WAFs) with rules tuned to detect and block CSRF attack patterns targeting Drupal OAuth2 Client endpoints. 8. Regularly audit and review OAuth2 client configurations and access controls to detect unauthorized changes promptly.