CIRT.GY | Drupal Security Advisory (26th, September 2025)

Drupal Security Advisory (26th, September 2025)

Ref# ADV2025_335 | Date: Sep 26th 2025

Drupal published a security advisory highlighting vulnerabilities in the following product on September 24^th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated.

JSON Field – versions prior to 1.5
Plausible tracking – versions prior to 1.0.2
Access code – versions prior to 2.0.5
Umami Analytics – version prior to 1.0.1
Currency – versions prior to 3.5.0
Reverse Proxy Header – version prior to 1.1.2

For more information on this update, you can follow this URL:

https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av25-617

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary.

PDF Download: ADV2025_335 Drupal Security Advisory

References

Drupal Security advisories. (September 24^th, 2025). Retrieved from Canadian Centre for Cyber Security
https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av25-617

Security advisories. (September 24, 2025). Retrieved from Drupal Security advisories
https://www.drupal.org/security