Missing Authorization Vulnerability in Drupal Quick Node Block
CVE-2025-48013
5.3MEDIUM
What is CVE-2025-48013?
A significant missing authorization flaw exists in the Quick Node Block, a module for Drupal, allowing attackers to exploit forceful browsing techniques. This vulnerability impacts versions from 0.0.0 up to but not including 2.0.0, potentially allowing unauthorized access to sensitive functionalities. It is crucial for users of affected versions to update promptly to mitigate security risks associated with this issue.
Affected Version(s)
Quick Node Block 0.0.0 < 2.0.0
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mitch Portier (arkener)
Mitch Portier (arkener)
Antonio Sánchez (saesa)
Greg Knaddison (greggles)
Ivo Van Geertruyen (mr.baileys)
Juraj Nemec (poker10)