CVE-2025-7717

🗓️ 21 Jul 2025 16:37:14Reported by drupalType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 13 Views

Moderately critical CVE-2025-7717 allows access bypass in Drupal File Download before 1.9.0 and 2.0.1.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2025-7717	22 Jul 202514:32	–	circl
CNNVD	Drupal File Download 安全漏洞	21 Jul 202500:00	–	cnnvd
Cvelist	CVE-2025-7717 File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089	21 Jul 202516:37	–	cvelist
Drupal	File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089	16 Jul 202500:00	–	drupal
EUVD	EUVD-2025-22126	3 Oct 202520:07	–	euvd
NVD	CVE-2025-7717	21 Jul 202517:15	–	nvd
OSV	CVE-2025-7717	21 Jul 202517:15	–	osv
OSV	DRUPAL-CONTRIB-2025-089	16 Jul 202516:46	–	osv
Patchstack	Drupal File Download module < 1.9.0,2.0.0 - Unauthenticated Broken Access Control vulnerability	16 Jul 202500:00	–	patchstack
Positive Technologies	PT-2025-30312 · Drupal · Drupal File Download	21 Jul 202500:00	–	ptsecurity

NVD

Node

file_download_project file_downloadRange8.x-1.0–8.x-1.9drupal

file_download_project file_downloadMatch2.0.0drupal

[
  {
    "collectionURL": "https://www.drupal.org/project/file_download",
    "defaultStatus": "unaffected",
    "product": "File Download",
    "repo": "https://git.drupalcode.org/project/file_download",
    "vendor": "Drupal",
    "versions": [
      {
        "lessThan": "1.9.0",
        "status": "affected",
        "version": "0.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "2.0.1",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
drupal	www.drupal.org/sa-contrib-2025-089

26 Aug 2025 20:49Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.5

EPSS0.00287

SSVC

CWE-862