Ref# ADV2025_392 | Date: Oct 28th 2025

---

Drupal has published a security advisory highlighting a vulnerability in the following product on October 22nd, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• CivicTheme Design System – version prior to 1.12.0 

For more information on this update, you can follow this URL:
CivicTheme Design System – Moderately critical – Information disclosure – SA-CONTRIB-2025-112 

Security advisories CivicTheme Design System – Moderately critical – Cross-site Scripting – SA-CONTRIB-2025-113 

 

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary. 

References 

• Drupal Security Advisory. (October 22, 2025. Retrieved from Canadian Centre for Cyber Security.
  https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av25-694   

 

• Security advisories. (October 22, 2025). Retrieved from Drupal.
  https://www.drupal.org/security