CVE-2025-48013 (GCVE-0-2025-48013)

Vulnerability from cvelistv5 – Published: 2025-06-11 14:20 – Updated: 2025-06-11 15:26
VLAI?
Title
Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065
Summary
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Drupal Quick Node Block Affected: 0.0.0 , < 2.0.0 (semver)
Create a notification for this product.
Credits
Mitch Portier (arkener) Mitch Portier (arkener) Antonio Sánchez (saesa) Greg Knaddison (greggles) Ivo Van Geertruyen (mr.baileys) Juraj Nemec (poker10)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-48013",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T15:25:57.573785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T15:26:57.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/quick_node_block",
          "defaultStatus": "unaffected",
          "product": "Quick Node Block",
          "repo": "https://git.drupalcode.org/project/quick_node_block",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "0.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Mitch Portier (arkener)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Mitch Portier (arkener)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Antonio S\u00e1nchez (saesa)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison (greggles)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Ivo  Van Geertruyen (mr.baileys)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec (poker10)"
        }
      ],
      "datePublic": "2025-05-21T17:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.\u003cp\u003eThis issue affects Quick Node Block: from 0.0.0 before 2.0.0.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-87",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-87 Forceful Browsing"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T14:20:06.254Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2025-065"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2025-48013",
    "datePublished": "2025-06-11T14:20:06.254Z",
    "dateReserved": "2025-05-14T17:45:12.225Z",
    "dateUpdated": "2025-06-11T15:26:57.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-48013\",\"sourceIdentifier\":\"mlhess@drupal.org\",\"published\":\"2025-06-11T15:15:41.830\",\"lastModified\":\"2025-06-20T14:46:12.807\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.\"},{\"lang\":\"es\",\"value\":\"La vulnerabilidad de autorizaci\u00f3n faltante en Drupal Quick Node Block permite una navegaci\u00f3n forzada. Este problema afecta a Quick Node Block: desde la versi\u00f3n 0.0.0 hasta la 2.0.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"mlhess@drupal.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quick_node_block_project:quick_node_block:2.0.x:dev:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"A34D45B6-2BA2-48DD-B5C3-68586BE8179C\"}]}]}],\"references\":[{\"url\":\"https://www.drupal.org/sa-contrib-2025-065\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48013\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-11T15:25:57.573785Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-11T15:26:50.951Z\"}}], \"cna\": {\"title\": \"Quick Node Block - Moderately critical - Access bypass - SA-CONTRIB-2025-065\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Mitch Portier (arkener)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Mitch Portier (arkener)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Antonio S\\u00e1nchez (saesa)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Greg Knaddison (greggles)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Ivo  Van Geertruyen (mr.baileys)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Juraj Nemec (poker10)\"}], \"impacts\": [{\"capecId\": \"CAPEC-87\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-87 Forceful Browsing\"}]}], \"affected\": [{\"repo\": \"https://git.drupalcode.org/project/quick_node_block\", \"vendor\": \"Drupal\", \"product\": \"Quick Node Block\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2.0.0\", \"versionType\": \"semver\"}], \"collectionURL\": \"https://www.drupal.org/project/quick_node_block\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-05-21T17:28:00.000Z\", \"references\": [{\"url\": \"https://www.drupal.org/sa-contrib-2025-065\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.\u003cp\u003eThis issue affects Quick Node Block: from 0.0.0 before 2.0.0.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"2c85b837-eb8b-40ed-9d74-228c62987387\", \"shortName\": \"drupal\", \"dateUpdated\": \"2025-06-11T14:20:06.254Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-48013\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-11T15:26:57.249Z\", \"dateReserved\": \"2025-05-14T17:45:12.225Z\", \"assignerOrgId\": \"2c85b837-eb8b-40ed-9d74-228c62987387\", \"datePublished\": \"2025-06-11T14:20:06.254Z\", \"assignerShortName\": \"drupal\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.