CVE-2025-7717

CVE-2025-7717: File Download - Moderately critical - Access bypass - SA-CONTRIB-2025-089

Vendor Drupal

Product File Download

Weakness CWE-862 · Missing authorization

Published July 21, 2025

Last update July 22, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Missing Authorization vulnerability in Drupal File Download allows Forceful Browsing.This issue affects File Download: from 0.0.0 before 1.9.0, from 2.0.0 before 2.0.1.

Key dates

02Disclosure timeline

July 21, 2025 CVE published

July 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7717 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2025-68593 WordPress WP Adminify plugin <= 4.0.6.1 - Broken Access Control vulnerability CVE-2025-3417 Embedder 1.3 - 1.3.5 - Authenticated (Subscriber+) Arbitrary Options Update CVE-2026-44554 Open WebUI: Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite CVE-2022-41790 WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control CVE-2023-25997 WordPress Sola Support Ticket <= 3.17 - Arbitrary Content Deletion Vulnerability

Identifiers

CVE CVE-2025-7717

CWE CWE-862

Affected versions

Vendor Drupal

Product File Download

Affected ≥ 0.0.0 and < 1.9.0

Vendor Drupal

Product File Download

Affected ≥ 2.0.0 and < 2.0.1