Drupal has released security updates to address several vulnerabilities (CVE-2022-25270, CVE-2022-25271) affecting Drupal 9.3, 9.2 and 7. A remote attacker could exploit these vulnerabilities to trigger sensitive information disclosure and data manipulation on the targeted system.

According to Drupal security advisories, users are recommended to install the latest version:

• If you are using Drupal 9.3, update to Drupal 9.3.6
• If you are using Drupal 9.2, update to Drupal 9.2.13
• If you are using Drupal 7, update to Drupal 7.88

More information on vulnerabilities and updates is available in Drupal security advisories:

• sa-core-2022-003
• sa-core-2022-004