Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068

Project:

Admin Audit Trail

Date:

2025-May-21

Security risk:

Less critical 9 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default

Vulnerability:

Denial of Service

Affected versions:

<1.0.5

CVE IDs:

CVE-2025-48448

Description:

The Admin Audit Trail module tracks logs of specific events that you'd like to review. When the submodule Admin Audit Trail: User Authentication is enabled, it logs user authentication events (login, logout, and password reset requests).

The module does not sufficiently limit some large values before logging the data.

Solution:

Install the latest version:

If you use the Admin Audit Trail module for Drupal 9/10/11, upgrade to Admin Audit Trail 1.0.5

Reported By:

Scott Phillips (scottatdrake)

Fixed By:

Rajab Natshah (rajab natshah)

Coordinated By:

Greg Knaddison (greggles) of the Drupal Security Team
Juraj Nemec (poker10) of the Drupal Security Team

Contribution record

Admin Audit Trail - Less critical - Denial of Service - SA-CONTRIB-2025-068

Contact and more information

Contributing organizations for this advisory

News items

Our community

Documentation

Drupal code base

Governance of community