Missing Authorization Vulnerability in Drupal Quick Node Block
CVE-2025-48013

5.3MEDIUM

Key Information:

Vendor

Drupal

Vendor
CVE Published:
11 June 2025

What is CVE-2025-48013?

A significant missing authorization flaw exists in the Quick Node Block, a module for Drupal, allowing attackers to exploit forceful browsing techniques. This vulnerability impacts versions from 0.0.0 up to but not including 2.0.0, potentially allowing unauthorized access to sensitive functionalities. It is crucial for users of affected versions to update promptly to mitigate security risks associated with this issue.

Affected Version(s)

Quick Node Block 0.0.0 < 2.0.0

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mitch Portier (arkener)
Mitch Portier (arkener)
Antonio Sánchez (saesa)
Greg Knaddison (greggles)
Ivo Van Geertruyen (mr.baileys)
Juraj Nemec (poker10)
.
CVE-2025-48013 : Missing Authorization Vulnerability in Drupal Quick Node Block