Drupal has released security updates to address vulnerabilities (CVE-2022-25275, CVE-2022-25278, CVE-2022-25277, CVE-2022-25276) affecting Drupal versions 7, 9.3 and 9.4. An attacker could exploit some of these vulnerabilities to trigger information disclosure, remote code execution, cross-site scripting and security restriction bypass on the targeted system.

According to Drupal security advisories, users are recommended to install the latest version:

• If you are using Drupal 9.4, update to Drupal 9.4.3.
• If you are using Drupal 9.3, update to Drupal 9.3.19.
• If you are using Drupal 7, update to Drupal 7.91.

More information on vulnerabilities and updates is available in Drupal security advisories:

• SA-CORE-2022-012
• SA-CORE-2022-013
• SA-CORE-2022-014
• SA-CORE-2022-015