As an academic group, we wanted to improve the look and feel of our website on a tight budget. The team at Project Ricochet was consistently responsive to our concerns and willing to help us meet our goals. They were transparent with their costs, which allowed us to pick and choose which features and changes we deemed most important. Thanks to this transparency, our new website is a substantial improvement over the old that we were able to achieve in a cost-effective fashion.
—Justin Inman, UCSF

Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068

Wed, 2025-05-21 10:29 — Anonymous (not verified)

Project: Admin Audit TrailDate: 2025-May-21Security risk: Less critical 9 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:DefaultVulnerability: Denial of ServiceAffected versions: <1.0.5CVE IDs: CVE-2025-48448Description: The Admin Audit Trail module tracks logs of specific events that you'd like to review. When the submodule Admin Audit Trail: User Authentication is enabled, it logs user authentication events (login, logout, and password reset requests).
The module does not sufficiently limit some large values before logging the data.Solution: Install the latest version:

If you use the Admin Audit Trail module for Drupal 9/10/11, upgrade to Admin Audit Trail 1.0.5

Reported By:

Scott Phillips (scottatdrake)

Fixed By:

Rajab Natshah (rajab natshah)

Coordinated By:

Greg Knaddison (greggles) of the Drupal Security Team
Juraj Nemec (poker10) of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2025-068

Search form

Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068