Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2025-February-26
Vulnerability:
Cross Site Request Forgery
Affected versions:
<1.2.1
CVE IDs:
CVE-2025-31690
Description:
The Cache Utility module provides an ability to view status and flush various caches.
The module doesn't sufficiently protect against Cross Site Request Forgery (CSRF) attacks by validating user identity and intent when flushing a cache.
Solution:
Install the latest version:
- If you use the Cache Utility module for Drupal 1.2.x, upgrade to Cache Utility 1.2.1
- If you use the Cache Utility module for Drupal 1.x, you can also upgrade to Cache Utility 1.3.0
Reported By:
Fixed By:
Coordinated By:
- Greg Knaddison (greggles) of the Drupal Security Team
