Serial number: AV25-750
Date: November 13, 2025
On November 12, 2025, Drupal published security advisories to address vulnerabilities in the following product:
- Drupal core – version 8.0.0 to versions prior to 10.4.9, version 10.5.0 to versions prior to 10.5.6, version 11.0.0 to versions prior to 11.1.9 and version 11.2.0 to versions prior to 11.2.8
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.
- Drupal core - Moderately critical - Information disclosure - SA-CORE-2025-008
- Drupal core - Moderately critical - Denial of Service - SA-CORE-2025-005
- Drupal core - Moderately critical - Gadget chain - SA-CORE-2025-006
- Drupal core - Moderately critical - Defacement - SA-CORE-2025-007
- Drupal Security Advisories