The Malaysia Computer Emergency Response Team (MyCERT) has reported several Drupal vulnerabilities within its AI module, specifically affecting versions prior to 1.0.5. This issue, outlined in a MyCERT advisory (MA-1292.032025), has raised cybersecurity concerns regarding potential remote code execution risks and the overall security of Drupal-powered websites. MyCERT has recommended that all users and administrators of Drupal promptly apply the necessary security updates to mitigate these risks.
Overview of the Drupal Vulnerabilities
Drupal, a popular open-source content management system (CMS), recently issued an urgent security advisory concerning critical vulnerabilities within its AI Automators module, a submodule of the broader Drupal AI project. These Drupal vulnerabilities could allow an attacker to exploit the system and execute remote code, a scenario that could lead to severe consequences, including unauthorized access to sensitive data and full system control.
The Drupal vulnerabilities in question are associated with the insufficient sanitization of inputs within the AI Automators module, which processes large language model (LLM) outputs to automate various tasks, including filling out field data. Specifically, the flaw arises when input is passed to the underlying shell without proper sanitization, enabling attackers to run arbitrary commands.
Impacted Versions:
- AI Automators Module: All versions prior to 1.0.5.
Types of Vulnerabilities
There are two distinct vulnerabilities detailed in the advisory:
- Critical Remote Code Execution (RCE) Vulnerability: The most severe issue identified is the potential for remote code execution. Due to improper input sanitization, attackers can inject malicious commands into the system, which the shell then executes. This allows cybercriminals to run arbitrary commands on Drupal-powered sites, compromising their integrity and security.
- Moderately Critical Gadget Chain Vulnerability: This vulnerability involves a PHP Object Injection issue within the AI Automators module. While this flaw is not directly exploitable, if combined with other vulnerabilities, it could lead to arbitrary file deletion and even escalate to remote code execution in some cases. However, exploiting this vulnerability requires additional weaknesses in the system to allow unsafe input to be passed to the unserialize() function, making it less immediately dangerous than the first vulnerability.
Recommendation for Users and Administrators
Considering these vulnerabilities in Drupal AI, MyCERT has strongly urged all users and administrators to take immediate action to secure their Drupal websites. The most effective measure is to update to the latest version of the AI Automators module (1.0.5), which contains patches addressing both the critical remote code execution and moderately critical gadget chain vulnerabilities.
Steps to Secure Drupal Websites
- Review Drupal Security Releases: Users and administrators should review the security releases provided by Drupal to stay informed about updates and patches.
- Upgrade to Version 1.0.5: If your Drupal site uses the AI Automators module, immediately upgrade to version 1.0.5 to resolve the vulnerabilities. The latest version contains essential fixes that prevent attackers from exploiting these flaws.
- Monitor Security Bulletins: Stay up to date with new security advisories from Drupal, including potential patches for other vulnerabilities that may arise.
The official advisory issued by Drupal outlines the full details of the vulnerabilities, including their severity ratings and the steps required to mitigate them. The advisory can be accessed on Drupal’s security page: Drupal Security Advisory SA-CONTRIB-2025-021.
Conclusion
These Drupal AI vulnerabilities highlight the importance of urgent patching in modern web applications. As the use of AI in content management systems becomes more widespread, securing these technologies against potential attacks is more important than ever. Drupal administrators should heed the advice from MyCERT and ensure they are running the latest versions of the AI Automators module to protect against remote code execution and other security threats.
By applying the necessary updates and staying informed about security patches, Drupal users can protect their websites from potential exploits. As the Drupal community continues to develop, addressing vulnerabilities in Drupal AI and other modules remains a top priority for both developers and security professionals alike.
