Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-3628 (GCVE-0-2025-3628)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-25 16:01
VLAI
EPSS
Title
Moodle: moodle assignment submission search leaks anonymous student identities
Summary
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Severity
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-3628 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2359706 | issue-trackingx_refsource_REDHAT |
Date Public
2025-04-22 12:00
Credits
Red Hat would like to thank Eliot for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3628",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:43:14.123677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T16:01:05.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eliot for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:45.242Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3628"
},
{
"name": "RHBZ#2359706",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359706"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T09:43:40.253Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00.000Z",
"value": "Made public."
}
],
"title": "Moodle: moodle assignment submission search leaks anonymous student identities",
"x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3628",
"datePublished": "2025-04-25T14:42:45.242Z",
"dateReserved": "2025-04-15T09:43:34.108Z",
"dateUpdated": "2025-04-25T16:01:05.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-3628",
"date": "2026-05-27",
"epss": "0.00361",
"percentile": "0.58386"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-3628\",\"sourceIdentifier\":\"patrick@puiterwijk.org\",\"published\":\"2025-04-25T15:15:37.057\",\"lastModified\":\"2025-06-24T16:19:13.647\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en Moodle que permite desanonimizar las entregas de tareas an\u00f3nimas mediante una b\u00fasqueda, revelando as\u00ed la identidad de los estudiantes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5.0\",\"versionEndExcluding\":\"4.5.4\",\"matchCriteriaId\":\"F12B5C6F-A83C-488C-9C26-3C9A61F93618\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-3628\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2359706\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3628\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T15:43:14.123677Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T15:43:16.152Z\"}}], \"cna\": {\"title\": \"Moodle: moodle assignment submission search leaks anonymous student identities\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Eliot for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.4\", \"versionType\": \"semver\"}], \"packageName\": \"moodle\", \"collectionURL\": \"https://git.moodle.org\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-15T09:43:40.253000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-04-22T12:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-04-22T12:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-3628\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2359706\", \"name\": \"RHBZ#2359706\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2025-04-25T14:42:45.242Z\"}, \"x_redhatCweChain\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-3628\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-25T16:01:05.623Z\", \"dateReserved\": \"2025-04-15T09:43:34.108Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2025-04-25T14:42:45.242Z\", \"assignerShortName\": \"fedora\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0340
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3643"
},
{
"name": "CVE-2025-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3634"
},
{
"name": "CVE-2025-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3641"
},
{
"name": "CVE-2025-3637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3637"
},
{
"name": "CVE-2025-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3628"
},
{
"name": "CVE-2025-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3647"
},
{
"name": "CVE-2025-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3625"
},
{
"name": "CVE-2025-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3636"
},
{
"name": "CVE-2025-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3642"
},
{
"name": "CVE-2025-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3638"
},
{
"name": "CVE-2025-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3645"
},
{
"name": "CVE-2024-40446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40446"
},
{
"name": "CVE-2025-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3640"
},
{
"name": "CVE-2025-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3627"
},
{
"name": "CVE-2025-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3644"
},
{
"name": "CVE-2025-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3635"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0014",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0017",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0027",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0023",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0022",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0013",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0026",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0015",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0020",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0024",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0025",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0016",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0019",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0021",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0028",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0018",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
}
]
}
CERTFR-2025-AVI-0340
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3643"
},
{
"name": "CVE-2025-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3634"
},
{
"name": "CVE-2025-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3641"
},
{
"name": "CVE-2025-3637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3637"
},
{
"name": "CVE-2025-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3628"
},
{
"name": "CVE-2025-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3647"
},
{
"name": "CVE-2025-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3625"
},
{
"name": "CVE-2025-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3636"
},
{
"name": "CVE-2025-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3642"
},
{
"name": "CVE-2025-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3638"
},
{
"name": "CVE-2025-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3645"
},
{
"name": "CVE-2024-40446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40446"
},
{
"name": "CVE-2025-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3640"
},
{
"name": "CVE-2025-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3627"
},
{
"name": "CVE-2025-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3644"
},
{
"name": "CVE-2025-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3635"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0014",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0017",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0027",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0023",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0022",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0013",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0026",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0015",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0020",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0024",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0025",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0016",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0019",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0021",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0028",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0018",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
}
]
}
BDU:2025-05109
Vulnerability from fstec - Published: 22.04.2025
VLAI
Title
Уязвимость виртуальной обучающей среды Moodle, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость виртуальной обучающей среды Moodle связана с недостаточной защитой служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию
Severity
Vendor
ООО «Ред Софт», Мартин Дугамас
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Moodle
Software Version
7.3 (РЕД ОС), от 4.5.0 до 4.5.4 (Moodle)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Moodle :
https://moodle.org/mod/forum/discuss.php?d=467595
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://access.redhat.com/security/cve/cve-2025-3628
https://moodle.org/mod/forum/discuss.php?d=467595
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-200
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041c\u0430\u0440\u0442\u0438\u043d \u0414\u0443\u0433\u0430\u043c\u0430\u0441",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 4.5.0 \u0434\u043e 4.5.4 (Moodle)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Moodle :\nhttps://moodle.org/mod/forum/discuss.php?d=467595\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.04.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.04.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-05109",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-3628",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Moodle",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0443\u0447\u0430\u044e\u0449\u0435\u0439 \u0441\u0440\u0435\u0434\u044b Moodle, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0443\u0447\u0430\u044e\u0449\u0435\u0439 \u0441\u0440\u0435\u0434\u044b Moodle \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2025-3628\nhttps://moodle.org/mod/forum/discuss.php?d=467595\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
bit-moodle-2025-3628
Vulnerability from bitnami_vulndb
Published
2026-01-26 14:49
Modified
2026-01-26 15:09
Summary
Moodle: moodle assignment submission search leaks anonymous student identities
Details
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "moodle",
"purl": "pkg:bitnami/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0"
},
{
"fixed": "4.5.4"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-3628"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.",
"id": "BIT-moodle-2025-3628",
"modified": "2026-01-26T15:09:56.435Z",
"published": "2026-01-26T14:49:34.772Z",
"references": [
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-3628"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359706"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3628"
}
],
"schema_version": "1.6.2",
"summary": "Moodle: moodle assignment submission search leaks anonymous student identities"
}
CNVD-2025-10582
Vulnerability from cnvd - Published: 2025-05-26
VLAI
Title
Moodle信息泄露漏洞
Description
Moodle是Moodle开源的一套免费的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。
Moodle存在信息泄露漏洞,该漏洞源于匿名作业提交可通过搜索去匿名化,攻击者可利用该漏洞导致学生身份泄露。
Severity
中
Patch Name
Moodle信息泄露漏洞的补丁
Patch Description
Moodle是Moodle开源的一套免费的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。
Moodle存在信息泄露漏洞,该漏洞源于匿名作业提交可通过搜索去匿名化,攻击者可利用该漏洞导致学生身份泄露。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://download.moodle.org/releases/latest/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-3628
Impacted products
| Name | moodle Moodle |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-3628",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-3628"
}
},
"description": "Moodle\u662fMoodle\u5f00\u6e90\u7684\u4e00\u5957\u514d\u8d39\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\n\nMoodle\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u533f\u540d\u4f5c\u4e1a\u63d0\u4ea4\u53ef\u901a\u8fc7\u641c\u7d22\u53bb\u533f\u540d\u5316\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5b66\u751f\u8eab\u4efd\u6cc4\u9732\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://download.moodle.org/releases/latest/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-10582",
"openTime": "2025-05-26",
"patchDescription": "Moodle\u662fMoodle\u5f00\u6e90\u7684\u4e00\u5957\u514d\u8d39\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\r\n\r\nMoodle\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u533f\u540d\u4f5c\u4e1a\u63d0\u4ea4\u53ef\u901a\u8fc7\u641c\u7d22\u53bb\u533f\u540d\u5316\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u5b66\u751f\u8eab\u4efd\u6cc4\u9732\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Moodle\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "moodle Moodle"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-3628",
"serverity": "\u4e2d",
"submitTime": "2025-05-07",
"title": "Moodle\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2025-3628
Vulnerability from fkie_nvd - Published: 2025-04-25 15:15 - Updated: 2025-06-24 16:19
Severity
Summary
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
References
| URL | Tags | ||
|---|---|---|---|
| patrick@puiterwijk.org | https://access.redhat.com/security/cve/CVE-2025-3628 | Third Party Advisory | |
| patrick@puiterwijk.org | https://bugzilla.redhat.com/show_bug.cgi?id=2359706 | Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F12B5C6F-A83C-488C-9C26-3C9A61F93618",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Moodle que permite desanonimizar las entregas de tareas an\u00f3nimas mediante una b\u00fasqueda, revelando as\u00ed la identidad de los estudiantes."
}
],
"id": "CVE-2025-3628",
"lastModified": "2025-06-24T16:19:13.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "patrick@puiterwijk.org",
"type": "Secondary"
}
]
},
"published": "2025-04-25T15:15:37.057",
"references": [
{
"source": "patrick@puiterwijk.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3628"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359706"
}
],
"sourceIdentifier": "patrick@puiterwijk.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "patrick@puiterwijk.org",
"type": "Secondary"
}
]
}
GHSA-69M9-RPRC-2X7G
Vulnerability from github – Published: 2025-04-25 15:31 – Updated: 2025-04-25 16:35
VLAI
Summary
Moodle reveals student identities through assignment submissions search on anonymous submissions
Details
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Severity
4.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0-beta"
},
{
"fixed": "4.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-3628"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-25T16:35:47Z",
"nvd_published_at": "2025-04-25T15:15:37Z",
"severity": "MODERATE"
},
"details": "A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.",
"id": "GHSA-69m9-rprc-2x7g",
"modified": "2025-04-25T16:35:47Z",
"published": "2025-04-25T15:31:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3628"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/5c703f7b4944dd0cc940ca20adfd91e6a2d98a66"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-3628"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359706"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moodle reveals student identities through assignment submissions search on anonymous submissions"
}
WID-SEC-W-2025-0862
Vulnerability from csaf_certbund - Published: 2025-04-21 22:00 - Updated: 2025-04-21 22:00Summary
Moodle: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Code auszuführen, einen Denial-of Service zu verursachen, Informationen offenzulegen, Cross-Site-Scripting durchzuführen und weitere nicht näher spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
References
18 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://moodle.org/mod/forum/discuss.php?d=467592 | external |
| https://moodle.org/mod/forum/discuss.php?d=467593 | external |
| https://moodle.org/mod/forum/discuss.php?d=467594 | external |
| https://moodle.org/mod/forum/discuss.php?d=467595 | external |
| https://moodle.org/mod/forum/discuss.php?d=467596 | external |
| https://moodle.org/mod/forum/discuss.php?d=467597 | external |
| https://moodle.org/mod/forum/discuss.php?d=467598 | external |
| https://moodle.org/mod/forum/discuss.php?d=467599 | external |
| https://moodle.org/mod/forum/discuss.php?d=467600 | external |
| https://moodle.org/mod/forum/discuss.php?d=467601 | external |
| https://moodle.org/mod/forum/discuss.php?d=467602 | external |
| https://moodle.org/mod/forum/discuss.php?d=467603 | external |
| https://moodle.org/mod/forum/discuss.php?d=467604 | external |
| https://moodle.org/mod/forum/discuss.php?d=467605 | external |
| https://moodle.org/mod/forum/discuss.php?d=467606 | external |
| https://moodle.org/mod/forum/discuss.php?d=467607 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of Service zu verursachen, Informationen offenzulegen, Cross-Site-Scripting durchzuf\u00fchren und weitere nicht n\u00e4her spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0862 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0862.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0862 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0862"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0013 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0014 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0015 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0016 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0017 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0018 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0019 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0020 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0021 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0022 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0023 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0024 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0025 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0026 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0027 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0028 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
}
],
"source_lang": "en-US",
"title": "Moodle: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-21T22:00:00.000+00:00",
"generator": {
"date": "2025-04-22T12:14:24.703+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0862",
"initial_release_date": "2025-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.5.4",
"product": {
"name": "Open Source Moodle \u003c4.5.4",
"product_id": "T043029"
}
},
{
"category": "product_version",
"name": "4.5.4",
"product": {
"name": "Open Source Moodle 4.5.4",
"product_id": "T043029-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.5.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.4.8",
"product": {
"name": "Open Source Moodle \u003c4.4.8",
"product_id": "T043031"
}
},
{
"category": "product_version",
"name": "4.4.8",
"product": {
"name": "Open Source Moodle 4.4.8",
"product_id": "T043031-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.4.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.3.12",
"product": {
"name": "Open Source Moodle \u003c4.3.12",
"product_id": "T043032"
}
},
{
"category": "product_version",
"name": "4.3.12",
"product": {
"name": "Open Source Moodle 4.3.12",
"product_id": "T043032-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.3.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1.18",
"product": {
"name": "Open Source Moodle \u003c4.1.18",
"product_id": "T043033"
}
},
{
"category": "product_version",
"name": "4.1.18",
"product": {
"name": "Open Source Moodle 4.1.18",
"product_id": "T043033-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.1.18"
}
}
}
],
"category": "product_name",
"name": "Moodle"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-40446",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2024-40446"
},
{
"cve": "CVE-2025-3625",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3625"
},
{
"cve": "CVE-2025-3627",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3627"
},
{
"cve": "CVE-2025-3628",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3628"
},
{
"cve": "CVE-2025-3634",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3634"
},
{
"cve": "CVE-2025-3635",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3635"
},
{
"cve": "CVE-2025-3636",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3636"
},
{
"cve": "CVE-2025-3637",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3637"
},
{
"cve": "CVE-2025-3638",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3638"
},
{
"cve": "CVE-2025-3640",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3640"
},
{
"cve": "CVE-2025-3641",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3641"
},
{
"cve": "CVE-2025-3642",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3642"
},
{
"cve": "CVE-2025-3643",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3643"
},
{
"cve": "CVE-2025-3644",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3644"
},
{
"cve": "CVE-2025-3645",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3645"
},
{
"cve": "CVE-2025-3647",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3647"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…