Ref# ADV2025_199 | Date: Jul 15th 2025

---

Drupal has published a security advisory highlighting vulnerabilities in the following products on July 9th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Cookies Addons – versions prior to 1.2.4 
• Mail_login 3.x – versions prior to 3.2.0 
• Mail_login 4.x – versions prior to 4.2.0 

For more information on these updates, you can follow these URLs: 

• Cookies Addons – Moderately critical – Cross-site Scripting – SA-CONTRIB-2025-087 
• Mail Login – Critical – Access bypass – SA-CONTRIB-2025-088 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: ADV2025_199 Drupal Security Advisory

References 

• Drupal Security Advisories. (July 9th, 2025). Retrieved from Drupal. https://www.drupal.org/security 
• Drupal Security Advisory. (July 10th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av25-416