Ricochet super-team Stephen Pope and Rick Destree were invaluable in upgrading the functionalities of the MarketTools corporate website, helping us implement new design elements and site structure, and launching a new website on very short notice when our business unit was acquired by Confirmit. Along the way, they taught me a lot about Drupal! Stephen’s help was critical in dealing with some difficult pre-existing server environment issues, and he went the extra mile many times to get us past the crunch points. I absolutely recommend Stephen and his team!
—Laura Newton

Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068

Wed, 2025-05-21 10:29 — Anonymous (not verified)

Project: Admin Audit TrailDate: 2025-May-21Security risk: Less critical 9 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:DefaultVulnerability: Denial of ServiceAffected versions: <1.0.5CVE IDs: CVE-2025-48448Description: The Admin Audit Trail module tracks logs of specific events that you'd like to review. When the submodule Admin Audit Trail: User Authentication is enabled, it logs user authentication events (login, logout, and password reset requests).
The module does not sufficiently limit some large values before logging the data.Solution: Install the latest version:

If you use the Admin Audit Trail module for Drupal 9/10/11, upgrade to Admin Audit Trail 1.0.5

Reported By:

Scott Phillips (scottatdrake)

Fixed By:

Rajab Natshah (rajab natshah)

Coordinated By:

Greg Knaddison (greggles) of the Drupal Security Team
Juraj Nemec (poker10) of the Drupal Security Team

Path to article https://www.drupal.org/sa-contrib-2025-068

Search form

Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068