Missing Authorization Vulnerability in Drupal Quick Node Block
CVE-2025-48013

5.3MEDIUM

Key Information:

Vendor: Drupal
Status: Quick Node Block
Vendor: CVE Published:; 11 June 2025

What is CVE-2025-48013?

A significant missing authorization flaw exists in the Quick Node Block, a module for Drupal, allowing attackers to exploit forceful browsing techniques. This vulnerability impacts versions from 0.0.0 up to but not including 2.0.0, potentially allowing unauthorized access to sensitive functionalities. It is crucial for users of affected versions to update promptly to mitigate security risks associated with this issue.

Affected Version(s)

Quick Node Block 0.0.0 < 2.0.0

References

https://www.drupal.org/sa-contrib-2025-065

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
May 14, 2025

Credit

Mitch Portier (arkener)

Antonio Sánchez (saesa)

Greg Knaddison (greggles)

Ivo Van Geertruyen (mr.baileys)

Juraj Nemec (poker10)