CVE Daily

CVE-2025-7717

Missing Authorization vulnerability in Drupal File Download allows Forceful Brow...

High CVSS 7.5

Overview

Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing.This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1.

CWE: CWE-862 Published: 2025-07-21T17:15:38.223
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: drupal, misconfiguration (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

Tags