Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2025-May-21
Security risk:
Vulnerability:
Access bypass
Affected versions:
<2.0.0
CVE IDs:
CVE-2025-48444
Description:
This module provides a block to easily display a rendered node.
The module doesn't check access to content before displaying it to a visitor, allowing unauthorized users to retrieve a list of labels of all nodes.
Solution:
Update to the latest version.
- If you use the Quick Node Block module, update to Quick Node Block 2.0.1
Reported By:
Coordinated By:
- Greg Knaddison (greggles) of the Drupal Security Team
- Ivo Van Geertruyen (mr.baileys) of the Drupal Security Team
- Juraj Nemec (poker10) of the Drupal Security Team
