Cross-Site Request Forgery Vulnerability in Drupal Restrict Route by IP
CVE-2025-47701

8.8HIGH

Key Information:

Vendor: Drupal
Status: Restrict Route By Ip
Vendor: CVE Published:; 14 May 2025

What is CVE-2025-47701?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Drupal module 'Restrict route by IP'. This issue allows attackers to perform unauthorized actions on behalf of an authenticated user. The vulnerability affects all versions of the module prior to 1.3.0. It is crucial for website administrators to update the module to mitigate potential risks and ensure the security of their web applications.

Affected Version(s)

Restrict route by IP 0.0.0 < 1.3.0

References

https://www.drupal.org/sa-contrib-2025-047

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
May 7, 2025

Credit

Juraj Nemec (poker10)

lozbes

Greg Knaddison (greggles)

Juraj Nemec (poker10)