Ref# ADV2025_183 | Date: Jul 4th 2025

---

Drupal has published a security advisory highlighting vulnerabilities in the following products on July 2nd, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Config Pages Viewer – versions prior to 1.0.4  

• Two-factor Authentication (TFA) – versions prior to 1.11.0 

For more information on these updates, you can follow these URLs: 

• Config Pages Viewer – Critical – Access bypass – SA-CONTRIB-2025-086 

• Two-factor Authentication (TFA) – Less critical – Access bypass – SA-CONTRIB-2025-085 

• Drupal Security Advisories 

The Guyana National CIRT recommends that users and administrators review these updates and apply it where necessary. 

PDF Download: Drupal Security Advisory

References 

• Drupal Security Advisories. (July 2nd, 2025). Retrieved from Drupal. https://www.drupal.org/security  

• Drupal Security Advisory. (July 3rd, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av25-389