View online: https://www.drupal.org/sa-contrib-2025-068
Project: Admin Audit Trail [1] Date: 2025-May-21 Security risk: *Less critical* 9 ∕ 25 AC:Basic/A:None/CI:None/II:None/E:Theoretical/TD:Default [2] Vulnerability: Denial of Service
Affected versions: <1.0.5 CVE IDs: CVE-2025-48448 Description: The Admin Audit Trail module tracks logs of specific events that you'd like to review. When the submodule Admin Audit Trail: User Authentication is enabled, it logs user authentication events (login, logout, and password reset requests).
The module does not sufficiently limit some large values before logging the data.
Solution: Install the latest version:
* If you use the Admin Audit Trail module for Drupal 9/10/11, upgrade to Admin Audit Trail 1.0.5 [3]
Reported By: * Scott Phillips (scottatdrake) [4]
Fixed By: * Rajab Natshah (rajab natshah) [5]
Coordinated By: * Greg Knaddison (greggles) [6] of the Drupal Security Team * Juraj Nemec (poker10) [7] of the Drupal Security Team
[1] https://www.drupal.org/project/admin_audit_trail [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/admin_audit_trail/releases/1.0.5 [4] https://www.drupal.org/u/scottatdrake [5] https://www.drupal.org/u/rajab-natshah [6] https://www.drupal.org/u/greggles [7] https://www.drupal.org/u/poker10