CVE
CVE-2025-9954
This module enables you to connect a Drupal site to the Acquia DAM service, which syncs media from the third party service to the site.The module doesn't sufficiently validate authorization to a lis...
This module enables you to connect a Drupal site to the Acquia DAM service, which syncs media from the third party service to the site.
The module doesn't sufficiently validate authorization to a list of DAM assets currently synced to the website creating an access bypass vulnerability.
This vulnerability is mitigated by the fact that it only impacts sites where users having the “view media” permission accessing any DAM asset is undesirable.
CVSS risk score (experimental) 6.9 / Medium
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
7.5
-
3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
C
H
U
0
-
C
H
U
-
Related Resources
No items found.
References
https://www.drupal.org/sa-contrib-2025-105
Basic Information
Ecosystem
