View online: https://www.drupal.org/sa-contrib-2025-064 Project: Quick Node Block [1] Date: 2025-May-21 Security risk: *Moderately critical* 11 ∕ 25 AC:Basic/A:None/CI:Some/II:None/E:Theoretical/TD:Uncommon [2] Vulnerability: Access bypass Affected versions: <2.0.0 CVE IDs: CVE-2025-48444 Description:  This module provides a block to easily display a rendered node. The module doesn't check access to content before displaying it to a visitor, allowing unauthorized users to retrieve a list of labels of all nodes. Solution:  Update to the latest version. * If you use the Quick Node Block module, update to Quick Node Block 2.0.1 [3] Reported By:  * Mitch Portier (arkener) [4] Fixed By:  * Mitch Portier (arkener) [5] * Antonio Sánchez (saesa) [6] Coordinated By:  * Greg Knaddison (greggles) [7] of the Drupal Security Team * Ivo Van Geertruyen (mr.baileys) [8] of the Drupal Security Team * Juraj Nemec (poker10) [9] of the Drupal Security Team [1] https://www.drupal.org/project/quick_node_block [2] https://www.drupal.org/security-team/risk-levels [3] https://www.drupal.org/project/quick_node_block/releases/2.0.1 [4] https://www.drupal.org/u/arkener [5] https://www.drupal.org/u/arkener [6] https://www.drupal.org/u/saesa [7] https://www.drupal.org/u/greggles [8] https://www.drupal.org/u/mrbaileys [9] https://www.drupal.org/u/poker10