Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068
Project: Admin Audit Trail
Date: 2025-May-21
Security risk: Less critical 9 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default
Vulnerability: Denial of Service
Affected versions: <1.0.5
CVE IDs: CVE-2025-48448
Description: The Admin Audit Trail module tracks logs of specific events that you'd like to review. When the submodule Admin Audit Trail: User Authentication is enabled, it logs user authentication events (login, logout, and password reset requests).
The module does not sufficiently limit some large values before logging the data.
Solution: Install the latest version:
- If you use the Admin Audit Trail module for Drupal 9/10/11, upgrade to Admin Audit Trail 1.0.5
Reported By:
Fixed By:
Coordinated By:
- Greg Knaddison (greggles) of the Drupal Security Team
- Juraj Nemec (poker10) of the Drupal Security Team
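
One way to bound values before an authentication event is written to an audit log, shown as an added example: this is not the module's code and not the 1.0.5 fix. The limits, the function names and the example_field key are assumptions, and the code needs PHP 8.0+ with mbstring.

```php
<?php
declare(strict_types=1);

// Hypothetical limits; the advisory does not state which fields or sizes are involved.
const MAX_FIELD_BYTES = 255;
const MAX_FIELDS = 16;

/**
 * Bound one value before it is stored in a log row. The original byte length
 * is kept so a reviewer can still see that an oversized value was submitted.
 */
function bound_log_value(mixed $value, int $maxBytes = MAX_FIELD_BYTES): array
{
    // Non-scalars (arrays, objects) are summarised by type, never serialised.
    if (!is_scalar($value) && $value !== null) {
        return ['text' => '[' . gettype($value) . ']', 'bytes' => 0, 'truncated' => true];
    }
    $text = (string) $value;
    $bytes = strlen($text);
    if ($bytes <= $maxBytes) {
        return ['text' => $text, 'bytes' => $bytes, 'truncated' => false];
    }
    // mb_strcut() works on a byte budget and does not split a UTF-8 character.
    return ['text' => mb_strcut($text, 0, $maxBytes, 'UTF-8'), 'bytes' => $bytes, 'truncated' => true];
}

/** Build a bounded record for a login, logout or password reset request event. */
function build_auth_event(string $type, array $fields): array
{
    $record = ['type' => $type, 'fields' => [], 'dropped_fields' => 0];
    foreach ($fields as $key => $value) {
        // Cap the number of fields as well as the size of each one.
        if (count($record['fields']) >= MAX_FIELDS) {
            $record['dropped_fields']++;
            continue;
        }
        $safeKey = bound_log_value((string) $key, 64)['text'];
        $record['fields'][$safeKey] = bound_log_value($value);
    }
    return $record;
}

// Constructed sample: one oversized multibyte value in a hypothetical field.
$event = build_auth_event('password_reset_request', ['example_field' => str_repeat('é', 1_000_000)]);
$field = $event['fields']['example_field'];
printf("stored %d of %d bytes, truncated=%s\n",
    strlen($field['text']), $field['bytes'], var_export($field['truncated'], true));
```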