Drupal has issued a security update which fixes a number of critical flaws in the website management platform's core engine. According to Drupal's security advisory, multiple vulnerabilities have been discovered in the CMS platform, some of which are deemed critical. The most severe security flaw, CVE-2017-6925, is an access bypass bug in the Drupal 8 Core engine's entity access system without a Universal Unique Identifier (UUID) which could allow attackers to range freely in the system. Drupal says that should the vulnerability be exploited, attackers are able to view, create, update or delete entities.