Serial number: AV25-255
Date: May 8, 2025
On May 7, 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were updates for the following:
- Enterprise MFA - TFA for Drupal – versions prior to 4.7.0 and versions 5.0.0 to versions prior to 5.2.0
- Restrict route by IP – versions prior to 1.3.0
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.
- Restrict route by IP - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-047
- Enterprise MFA - TFA for Drupal - Critical - Cross Site Request Forgery - SA-CONTRIB-2025-054
- Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-0554
- Enterprise MFA - TFA for Drupal - Critical - Access bypass - SA-CONTRIB-2025-056
- Drupal Security Advisories