Intel/AIKIDO-2025-10492
drupal/file_download
AIKIDO-2025-10492
drupal/file_download is vulnerable to Access Bypass
Access BypassCVE-2025-7717
60
Medium Risk
This Affects:
drupal/file_download1.0.0 - 1.8.0
Fixed in 1.9.02.0.0 - 2.0.0
Fixed in 2.0.1TL;DR
Affected versions of this package are vulnerable to access bypass. The File Download module does not properly validate input when processing file access requests, potentially allowing users to bypass restrictions and access private files that should remain inaccessible.
Who does this affect?
You are affected if you are using a version that falls within the vulnerable range.
Background info
drupal/file_download is vulnerable to Access Bypass in versions 1.0.0 - 1.8.0 and 2.0.0 - 2.0.0.
How to fix this
Upgrade the drupal/file_download library to the patch version.
Get Secure Now
Secure your code, cloud, and runtime environments in one central system. Find and fix vulnerabilities automatically.
No credit card required | Scan results in 32secs.
Resources
Industries
Use Cases
Compare
© 2026 Aikido Security BV | BE0792914919
Keizer Karelstraat 15, 9000, Ghent, Belgium
95 Third St, 2nd Fl, San Francisco, CA 94103, US
Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK
Ghent, Belgium | San Francisco, US
SOC 2Compliant
ISO 27001Compliant