CIRT.GY | Drupal Security Advisory (December 9th, 2025)

Drupal Security Advisory (December 9th, 2025)

Ref# ADV2025_412 | Date: Dec 9th 2025

Drupal published security advisories to address vulnerabilities in the following products on December 3, 2025. It is recommended that you take these necessary precautions by ensuring your products are always updated.

Mini site – versions prior to 3.0.2
CKEditor 5 Premium Features – multiple versions
AI (Artificial Intelligence) – multiple versions
Login Time Restriction – versions prior to 1.0.3
Tagify – versions prior to 1.2.44
js – versions prior to 1.6.4, version 2.0.0 to version prior to 2.0.1
Entity Share – versions prior to 3.x-3.13, versions prior to 3.13.0
Disable Login Page – versions prior to 1.1.3

For more information on these updates, you can follow this URL:

Drupal Security Advisories

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Drupal Security Advisory

References

Security advisories | Drupal.org. (n.d.). https://www.drupal.org/security
Drupal Security Advisory. (December 3^rd, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/drupal-security-advisory-av25-806