Drupal security advisory (AV25-389)

Serial number: AV25-389
Date: July 3, 2025

On July 2, 2025, Drupal published security advisories to address vulnerabilities in the following products :

• Config Pages Viewer – versions prior to 1.0.4
• Two-factor Authentication (TFA) – versions prior to 1.11.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Config Pages Viewer - Critical - Access bypass - SA-CONTRIB-2025-086
• Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085
• Drupal Security Advisories