Drupal security advisory (AV25-729)

Serial number: AV25-729
Date: November 7, 2025

On November 5, 2025, Drupal published security advisories to address vulnerabilities in the following products:

Email TFA – versions prior to 2.0.6
Simple multi step form – versions prior to 2.0.0

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115
Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116
Drupal Security Advisories

Date modified:: 2025-11-07

Language selection

Search

Drupal security advisory (AV25-729)