Missing Authorization Vulnerability in Acquia DAM by Drupal
CVE-2025-9954

7.5HIGH

Key Information:

Vendor: Drupal
Status: Acquia Dam
Vendor: CVE Published:; 29 October 2025

What is CVE-2025-9954?

A missing authorization vulnerability in Acquia DAM allows for forceful browsing, enabling attackers to access restricted content without proper verification. This issue impacts versions of Acquia DAM prior to 1.1.5, highlighting the need for immediate update to safeguard sensitive data and ensure compliance.

Affected Version(s)

Acquia DAM 0.0.0 < 1.1.5

References

https://www.drupal.org/sa-contrib-2025-105

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Sep 3, 2025

Credit

Brandon Goodwin (bgoodie)

Chris Burge (chris burge)

Todd Woofenden (toddwoof)

Chris Burge (chris burge)

Damien McKenna (damienmckenna)

Jakob P (japerry)

Todd Woofenden (toddwoof)

cilefen (cilefen)

Greg Knaddison (greggles)

Cathy Theys (yesct)

JSON