CNNVD-202507-2683 Information

CNNVD ID

CNNVD-202507-2683

Related CVE

CVE-2025-7717

• CNNVD Published: 2025-07-21

Description (Chinese)

Drupal File Download是Drupal社区的一个文件下载插件。 Drupal File Download 1.9.0之前版本和2.0.1之前版本存在安全漏洞，该漏洞源于缺少授权，可能导致强制浏览攻击。

Description (English)

Drupal File Download is a file download plugin for the Drupal community. There is a security loophole in the pre-Drupal File Download 1.9.0, and in the pre-Direct 2.0.1, which stems from a lack of authorization and may lead to forced browsing attacks.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Drupal

Published

2025-07-21

Last Modified

2026-02-24

References

https://www.drupal.org/sa-contrib-2025-089 https://nvd.nist.gov/vuln/detail/CVE-2025-7717 https://vigilance.fr/vulnerability/Drupal-File-Download-file-reading-dated-17-07-2025-47730

Patch

https://www.drupal.org/sa-contrib-2025-089