CVE-2025-48921 Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079

🗓️ 26 Jun 2025 13:32:44Reported by drupalType

CVE-2025-48921 in Open Social allows Cross Site Request Forgery for versions before 12.4.13.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2025-48921	26 Jun 202513:51	–	circl
CNNVD	Drupal Open Social 安全漏洞	26 Jun 202500:00	–	cnnvd
CVE	CVE-2025-48921	26 Jun 202513:32	–	cve
Drupal	Open Social - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-079	25 Jun 202500:00	–	drupal
EUVD	EUVD-2025-19189	3 Oct 202520:07	–	euvd
NVD	CVE-2025-48921	26 Jun 202514:15	–	nvd
OSV	CVE-2025-48921	26 Jun 202514:15	–	osv
OSV	DRUPAL-CONTRIB-2025-079	25 Jun 202518:41	–	osv
Patchstack	Drupal Open Social module < 12.3.14,12.4.0-12.4.12 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability	25 Jun 202500:00	–	patchstack
Positive Technologies	PT-2025-26959 · Unknown · Open Social	26 Jun 202500:00	–	ptsecurity

[
  {
    "collectionURL": "https://www.drupal.org/project/social",
    "defaultStatus": "unaffected",
    "product": "Open Social",
    "repo": "https://git.drupalcode.org/project/social",
    "vendor": "Drupal",
    "versions": [
      {
        "lessThan": "12.3.14",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "12.4.13",
        "status": "affected",
        "version": "12.4.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
drupal	www.drupal.org/sa-contrib-2025-079

26 Jun 2025 13:32Current

EPSS0.00161

CWE-352

cve-2025-48921 cross site request forgery open social vulnerability