MyCERT, the Malaysia Computer Emergency Response Team, has recently issued an advisory (MA-1292.032025) highlighting critical vulnerabilities within the AI module of Drupal, specifically affecting versions prior to 1.0.5. These vulnerabilities pose serious cybersecurity risks, particularly in terms of remote code execution and overall website security.
According to the advisory, Drupal, a widely used open-source content management system, identified vulnerabilities within its AI Automators module, a submodule of the broader Drupal AI project. The vulnerabilities stem from inadequate sanitization of inputs within the AI Automators module, which processes large language model outputs to automate various tasks, including filling out field data. The flaw arises when input is passed to the underlying shell without proper sanitization, enabling attackers to run arbitrary commands.
The impacted versions of the AI Automators module are all versions prior to 1.0.5, making it important for users and administrators to take immediate action to secure their Drupal websites. MyCERT strongly recommends updating to the latest version of the AI Automators module to mitigate the risks associated with these vulnerabilities.
The advisory outlined two main vulnerabilities:
1. Critical Remote Code Execution (RCE) Vulnerability: This vulnerability allows attackers to inject malicious commands into the system due to inadequate input sanitization, leading to unauthorized access and compromised website security.
2. Moderately Critical Gadget Chain Vulnerability: This vulnerability involves a PHP Object Injection issue within the AI Automators module, which could potentially escalate to remote code execution when combined with other vulnerabilities.
To secure Drupal websites, users and administrators are advised to review Drupal security releases, upgrade to version 1.0.5 of the AI Automators module, and monitor security bulletins for any additional vulnerabilities. The official advisory issued by Drupal provides detailed information on the vulnerabilities and recommended mitigation steps (Drupal Security Advisory SA-CONTRIB-2025-021).
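The upgrade check recommended above can be automated against a site's `composer.lock`. The following is an added example, not code from MyCERT or the Drupal project. It assumes the AI project is installed through Composer under the package name `drupal/ai`, and the lock-file excerpt is constructed sample data.

```python
import json
import re

PACKAGE = "drupal/ai"   # assumption: Composer name of the Drupal AI project
FIXED = (1, 0, 5)       # fixed release named in the advisory

# Constructed composer.lock excerpt (sample data, not from a real site).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "drupal/core", "version": "10.4.3"},
        {"name": "drupal/ai", "version": "1.0.4"},
    ],
    "packages-dev": [],
})

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")


def classify(version):
    """Return 'vulnerable', 'fixed' or 'unknown' for one version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        # Branch aliases such as '1.0.x-dev' carry no release number,
        # so they need a manual look rather than a guess.
        return "unknown"
    release = tuple(int(p) for p in m.group(1, 2, 3))
    if release < FIXED:
        return "vulnerable"
    if release == FIXED and m.group(4):
        # A pre-release of the fixed version (e.g. 1.0.5-rc1) sorts before it.
        return "vulnerable"
    return "fixed"


def audit_lock(lock_text):
    """Return (version, status) for PACKAGE, or None if it is not installed."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                return version, classify(version)
    return None


if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```

A result of `unknown` means the site tracks a development branch and the installed commit has to be compared against the 1.0.5 release by hand.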
The importance of promptly addressing these vulnerabilities in Drupal AI cannot be overstated, especially as the use of AI in content management systems becomes more prevalent. By following MyCERT’s recommendations and staying updated on security patches, Drupal users can safeguard their websites from potential exploits and cyber threats.
As the Drupal community continues to evolve, ensuring the security of Drupal AI and other modules remains a top priority for developers and security professionals. By implementing necessary updates and remaining vigilant about security measures, users can fortify their websites against security vulnerabilities.
In conclusion, proactive measures such as timely updates and adherence to security protocols are essential in safeguarding Drupal websites against malicious attacks. The collaboration between security experts and developers is crucial in addressing vulnerabilities and maintaining the integrity of Drupal-powered sites.