- 186/2025
- Critical
Drupal has released security updates to fix several vulnerabilities across multiple Drupal versions.
The addressed vulnerabilities could allow the attacker to conduct cross-site scripting attacks, perform server-side request forgery attacks, bypass security restrictions, or gain access to the affected products.
Sample of the addressed vulnerabilities:
Authenticator Login Module for Drupal (SA-CONTRIB-2025-096) Security Bypass Vulnerability (CVE-2025-8995):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
- CVE-2025-8996
- CVE-2025-8995
- CVE-2025-8675
- CVE-2025-8362
- CVE-2025-8361
- CVE-2025-8092
- CVE-2025-7716
- CVE-2025-7715
- CVE-2025-7717
- CVE-2025-7393
- CVE-2025-7392
- CVE-2025-7031
- CVE-2025-7030
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.