CVE-2025-48921
EPSS 0.09%Published: 6/25/2025Modified: 3/18/2026
Also known as:DRUPAL-CONTRIB-2025-079
Description
Open Social is a Drupal distribution for online communities, which ships with a default module that allows users to enroll in events. The module doesn't sufficiently protect certain routes from Cross Site Request Forgery (CSRF) attacks. Users can be tricked into accepting or rejecting these enrollments. This issue only affects sites that have event enrollments enabled for an event.
Affected packages (1)
- Packagist/drupal/socialfrom 0, < 12.3.14 | >= 12.4.0, < 12.4.13