DRUPAL-CONTRIB-2025-047

Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/restrict_route_by_ip/DRUPAL-CONTRIB-2025-047.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2025-047
Aliases
  • CVE-2025-47701
Published
2025-05-07T17:06:16Z
Modified
2025-12-10T23:41:29.071940Z
Summary
[none]
Details

The Restrict route by IP module provides an interface to manage route restriction by IP address.

The module doesn't sufficiently protect certain routes from CSRF attacks.

This vulnerability is mitigated by the fact that an attacker needs to know the route machine name.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/restrict_route_by_ip

Package

Name
drupal/restrict_route_by_ip
Purl
pkg:composer/drupal/restrict_route_by_ip

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.3.0
Database specific
{
    "constraint": "<1.3.0"
}

Database specific

source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/restrict_route_by_ip/DRUPAL-CONTRIB-2025-047.json"
affected_versions
"<1.3.0"