Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2025-August-06
Vulnerability:
Server-side Request Forgery
Affected versions:
<1.0.6
CVE IDs:
CVE-2025-8675
Description:
This module enables you to provide SEO analysis and recommendations for a given URL.
The module doesn't sufficiently sanitize user-supplied URLs, leading to a Server-side request forgery (SSRF) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access seo analyzer".
Solution:
Install the latest version:
- If you use the AI SEO Link Advisor module 1.0.x, upgrade to AI SEO Link Advisor 1.0.6
Reported By:
Coordinated By:
- Benji Fisher (benjifisher) of the Drupal Security Team
- catch (catch) of the Drupal Security Team
- Damien McKenna (damienmckenna) of the Drupal Security Team
- Greg Knaddison (greggles) of the Drupal Security Team
