Drupal security advisory (AV25-255)

Serial number: AV25-255
Date: May 8, 2025

On May 7, 2025, Drupal published security advisories to address vulnerabilities in multiple products. Included were updates for the following:

  • Enterprise MFA - TFA for Drupal – versions prior to 4.7.0 and versions 5.0.0 to versions prior to 5.2.0
  • Restrict route by IP – versions prior to 1.3.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

Date modified: