Missing Authorization Issue in Drupal Quick Node Block
CVE-2025-48444

5.3MEDIUM

Key Information:

Vendor: Drupal
Status: Quick Node Block
Vendor: CVE Published:; 11 June 2025

What is CVE-2025-48444?

The Drupal Quick Node Block component is vulnerable due to a missing authorization check, which can lead to forceful browsing. This flaw allows unauthorized users to access and manipulate content that should be restricted, potentially exposing sensitive data. It is crucial for users of Quick Node Block versions prior to 2.0.0 to update their installations promptly to mitigate this security risk.

Affected Version(s)

Quick Node Block 0.0.0 < 2.0.0

References

https://www.drupal.org/sa-contrib-2025-064

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2025
Vulnerability Reserved
May 21, 2025

Credit

Mitch Portier (arkener)

Antonio Sánchez (saesa)

Greg Knaddison (greggles)

Ivo Van Geertruyen (mr.baileys)

Juraj Nemec (poker10)