diff --git a/frappe/utils/response.py b/frappe/utils/response.py
index 9fe10545d1..5be201499b 100644
--- a/frappe/utils/response.py
+++ b/frappe/utils/response.py
@@ -265,6 +265,9 @@ def download_backup(path):
 def download_private_file(path: str) -> Response:
 	"""Checks permissions and sends back private file"""
 
+	if frappe.session.user == "Guest":
+		raise Forbidden(_("You don't have permission to access this file"))
+
 	files = frappe.get_all("File", filters={"file_url": path}, fields="*")
 	# this file might be attached to multiple documents
 	# if the file is accessible from any one of those documents