CVE-2025-31691 – OAuth2 Server - Moderately critical - Access bypass - SA-CONTRIB-2025-020

https://notcve.org/view.php?id=CVE-2025-31691

31 Mar 2025 — Missing Authorization vulnerability in Drupal OAuth2 Server allows Forceful Browsing.This issue affects OAuth2 Server: from 0.0.0 before 2.1.0. • https://www.drupal.org/sa-contrib-2025-020 • CWE-862: Missing Authorization •