Drupal security advisory (AV25-469)

Serial number: AV25-469
Date: July 30, 2025

On July 30, 2025, Drupal published security advisories to address vulnerabilities in the following products:

• Config Pages – versions prior to 2.18.0
• GoogleTag Manager – versions prior to 1.10.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Config Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-093
• GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094
• Drupal Security Advisories