Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-3644 (GCVE-0-2025-3644)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:31
VLAI
EPSS
Title
Moodle: ajax section delete does not respect course_can_delete_section()
Summary
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-3644 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2359745 | issue-trackingx_refsource_REDHAT |
| https://moodle.org/mod/forum/discuss.php?d=467605 |
Impacted products
Date Public
2025-04-22 12:00
Credits
Red Hat would like to thank James E. Calder for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:51.876613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:21.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank James E. Calder for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:20.709Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3644"
},
{
"name": "RHBZ#2359745",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T12:53:42.862Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00.000Z",
"value": "Made public."
}
],
"title": "Moodle: ajax section delete does not respect course_can_delete_section()",
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3644",
"datePublished": "2025-04-25T14:43:12.816Z",
"dateReserved": "2025-04-15T12:53:20.080Z",
"dateUpdated": "2025-04-28T16:31:20.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-3644",
"date": "2026-05-27",
"epss": "0.00317",
"percentile": "0.54872"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-3644\",\"sourceIdentifier\":\"patrick@puiterwijk.org\",\"published\":\"2025-04-25T15:15:38.280\",\"lastModified\":\"2025-06-24T15:59:15.037\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una falla en Moodle. Se requirieron comprobaciones adicionales para evitar que los usuarios eliminaran secciones del curso que no ten\u00edan permiso para modificar.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.18\",\"matchCriteriaId\":\"245F0D61-A209-4129-AEA5-C8E1600F5202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.12\",\"matchCriteriaId\":\"BF438B80-5736-46ED-897E-726B563F8E0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.0\",\"versionEndExcluding\":\"4.4.8\",\"matchCriteriaId\":\"E758F51B-ADBF-406E-92A8-98090BE83C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5.0\",\"versionEndExcluding\":\"4.5.4\",\"matchCriteriaId\":\"F12B5C6F-A83C-488C-9C26-3C9A61F93618\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-3644\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2359745\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://moodle.org/mod/forum/discuss.php?d=467605\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3644\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T15:42:51.876613Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T15:42:53.231Z\"}}], \"cna\": {\"title\": \"Moodle: ajax section delete does not respect course_can_delete_section()\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank James E. Calder for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.4.0\", \"lessThan\": \"4.4.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.3.0\", \"lessThan\": \"4.3.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.18\", \"versionType\": \"semver\"}], \"packageName\": \"moodle\", \"collectionURL\": \"https://git.moodle.org\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-15T12:53:42.862Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-04-22T12:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-04-22T12:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-3644\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2359745\", \"name\": \"RHBZ#2359745\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://moodle.org/mod/forum/discuss.php?d=467605\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2025-04-28T16:31:20.709Z\"}, \"x_redhatCweChain\": \"CWE-863: Incorrect Authorization\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-3644\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-28T16:31:20.709Z\", \"dateReserved\": \"2025-04-15T12:53:20.080Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2025-04-25T14:43:12.816Z\", \"assignerShortName\": \"fedora\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0340
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3643"
},
{
"name": "CVE-2025-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3634"
},
{
"name": "CVE-2025-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3641"
},
{
"name": "CVE-2025-3637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3637"
},
{
"name": "CVE-2025-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3628"
},
{
"name": "CVE-2025-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3647"
},
{
"name": "CVE-2025-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3625"
},
{
"name": "CVE-2025-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3636"
},
{
"name": "CVE-2025-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3642"
},
{
"name": "CVE-2025-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3638"
},
{
"name": "CVE-2025-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3645"
},
{
"name": "CVE-2024-40446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40446"
},
{
"name": "CVE-2025-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3640"
},
{
"name": "CVE-2025-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3627"
},
{
"name": "CVE-2025-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3644"
},
{
"name": "CVE-2025-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3635"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0014",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0017",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0027",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0023",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0022",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0013",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0026",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0015",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0020",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0024",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0025",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0016",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0019",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0021",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0028",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0018",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
}
]
}
CERTFR-2025-AVI-0340
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3643"
},
{
"name": "CVE-2025-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3634"
},
{
"name": "CVE-2025-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3641"
},
{
"name": "CVE-2025-3637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3637"
},
{
"name": "CVE-2025-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3628"
},
{
"name": "CVE-2025-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3647"
},
{
"name": "CVE-2025-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3625"
},
{
"name": "CVE-2025-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3636"
},
{
"name": "CVE-2025-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3642"
},
{
"name": "CVE-2025-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3638"
},
{
"name": "CVE-2025-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3645"
},
{
"name": "CVE-2024-40446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40446"
},
{
"name": "CVE-2025-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3640"
},
{
"name": "CVE-2025-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3627"
},
{
"name": "CVE-2025-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3644"
},
{
"name": "CVE-2025-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3635"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0014",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0017",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0027",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0023",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0022",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0013",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0026",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0015",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0020",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0024",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0025",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0016",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0019",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0021",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0028",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0018",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
}
]
}
BDU:2025-05099
Vulnerability from fstec - Published: 22.04.2025
VLAI
Title
Уязвимость функции course_can_delete_section() виртуальной обучающей среды Moodle, позволяющая нарушителю повысить свои привилегии
Description
Уязвимость функции course_can_delete_section() виртуальной обучающей среды Moodle связана с недостатками механизма авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии
Severity
Vendor
Мартин Дугамас
Software Name
Moodle
Software Version
от 4.5.0 до 4.5.4 (Moodle), от 4.4.0 до 4.4.8 (Moodle), от 4.3.4 до 4.3.12 (Moodle), от 4.1.0 до 4.1.18 (Moodle)
Possible Mitigations
Использование рекомендаций:
https://moodle.org/mod/forum/discuss.php?d=467605
Reference
https://access.redhat.com/security/cve/cve-2025-3644
https://moodle.org/mod/forum/discuss.php?d=467605
CWE
CWE-863
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041c\u0430\u0440\u0442\u0438\u043d \u0414\u0443\u0433\u0430\u043c\u0430\u0441",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 4.5.0 \u0434\u043e 4.5.4 (Moodle), \u043e\u0442 4.4.0 \u0434\u043e 4.4.8 (Moodle), \u043e\u0442 4.3.4 \u0434\u043e 4.3.12 (Moodle), \u043e\u0442 4.1.0 \u0434\u043e 4.1.18 (Moodle)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://moodle.org/mod/forum/discuss.php?d=467605",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.04.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.04.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.04.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-05099",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-3644",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Moodle",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 course_can_delete_section() \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0443\u0447\u0430\u044e\u0449\u0435\u0439 \u0441\u0440\u0435\u0434\u044b Moodle, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 course_can_delete_section() \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0443\u0447\u0430\u044e\u0449\u0435\u0439 \u0441\u0440\u0435\u0434\u044b Moodle \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2025-3644\nhttps://moodle.org/mod/forum/discuss.php?d=467605",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-863",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}
bit-moodle-2025-3644
Vulnerability from bitnami_vulndb
Published
2026-01-26 14:49
Modified
2026-01-26 15:09
Summary
Moodle: ajax section delete does not respect course_can_delete_section()
Details
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "moodle",
"purl": "pkg:bitnami/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.18"
},
{
"introduced": "4.3.0"
},
{
"fixed": "4.3.12"
},
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.8"
},
{
"introduced": "4.5.0"
},
{
"fixed": "4.5.4"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-3644"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": "A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.",
"id": "BIT-moodle-2025-3644",
"modified": "2026-01-26T15:09:56.435Z",
"published": "2026-01-26T14:49:49.408Z",
"references": [
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-3644"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3644"
}
],
"schema_version": "1.6.2",
"summary": "Moodle: ajax section delete does not respect course_can_delete_section()"
}
CNVD-2025-13259
Vulnerability from cnvd - Published: 2025-06-23
VLAI
Title
Moodle存在未明漏洞
Description
Moodle是一套免费的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。
Moodle存在安全漏洞,该漏洞源于缺少检查机制,攻击者可利用该漏洞删除无修改权限的课程章节。
Severity
中
Patch Name
Moodle存在未明漏洞的补丁
Patch Description
Moodle是一套免费的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。
Moodle存在安全漏洞,该漏洞源于缺少检查机制,攻击者可利用该漏洞删除无修改权限的课程章节。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级程序修复该安全问题,详情见厂商官网: https://download.moodle.org/releases/latest/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-3644
Impacted products
| Name | moodle Moodle |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-3644",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-3644"
}
},
"description": "Moodle\u662f\u4e00\u5957\u514d\u8d39\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\n\nMoodle\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u68c0\u67e5\u673a\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u65e0\u4fee\u6539\u6743\u9650\u7684\u8bfe\u7a0b\u7ae0\u8282\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://download.moodle.org/releases/latest/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-13259",
"openTime": "2025-06-23",
"patchDescription": "Moodle\u662f\u4e00\u5957\u514d\u8d39\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\r\n\r\nMoodle\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u68c0\u67e5\u673a\u5236\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5220\u9664\u65e0\u4fee\u6539\u6743\u9650\u7684\u8bfe\u7a0b\u7ae0\u8282\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Moodle\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "moodle Moodle"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-3644",
"serverity": "\u4e2d",
"submitTime": "2025-05-07",
"title": "Moodle\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}
FKIE_CVE-2025-3644
Vulnerability from fkie_nvd - Published: 2025-04-25 15:15 - Updated: 2025-06-24 15:59
Severity
Summary
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
References
| URL | Tags | ||
|---|---|---|---|
| patrick@puiterwijk.org | https://access.redhat.com/security/cve/CVE-2025-3644 | Third Party Advisory | |
| patrick@puiterwijk.org | https://bugzilla.redhat.com/show_bug.cgi?id=2359745 | Issue Tracking | |
| patrick@puiterwijk.org | https://moodle.org/mod/forum/discuss.php?d=467605 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "245F0D61-A209-4129-AEA5-C8E1600F5202",
"versionEndExcluding": "4.1.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF438B80-5736-46ED-897E-726B563F8E0A",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E758F51B-ADBF-406E-92A8-98090BE83C2B",
"versionEndExcluding": "4.4.8",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F12B5C6F-A83C-488C-9C26-3C9A61F93618",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify."
},
{
"lang": "es",
"value": "Se detect\u00f3 una falla en Moodle. Se requirieron comprobaciones adicionales para evitar que los usuarios eliminaran secciones del curso que no ten\u00edan permiso para modificar."
}
],
"id": "CVE-2025-3644",
"lastModified": "2025-06-24T15:59:15.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "patrick@puiterwijk.org",
"type": "Secondary"
}
]
},
"published": "2025-04-25T15:15:38.280",
"references": [
{
"source": "patrick@puiterwijk.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3644"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
}
],
"sourceIdentifier": "patrick@puiterwijk.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "patrick@puiterwijk.org",
"type": "Secondary"
}
]
}
GHSA-CPM7-MV33-JWF8
Vulnerability from github – Published: 2025-04-25 15:31 – Updated: 2025-04-25 17:28
VLAI
Summary
Moodle's AJAX section delete does not respect course_can_delete_section()
Details
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity
4.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0-beta"
},
{
"fixed": "4.3.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0-beta"
},
{
"fixed": "4.4.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0-beta"
},
{
"fixed": "4.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-3644"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-25T17:28:20Z",
"nvd_published_at": "2025-04-25T15:15:38Z",
"severity": "MODERATE"
},
"details": "A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.",
"id": "GHSA-cpm7-mv33-jwf8",
"modified": "2025-04-25T17:28:20Z",
"published": "2025-04-25T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3644"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-3644"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://github.com/search?q=repo%3Amoodle%2Fmoodle+MDL-83994\u0026type=commits"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Moodle\u0027s AJAX section delete does not respect course_can_delete_section()"
}
WID-SEC-W-2025-0862
Vulnerability from csaf_certbund - Published: 2025-04-21 22:00 - Updated: 2025-04-21 22:00Summary
Moodle: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Code auszuführen, einen Denial-of Service zu verursachen, Informationen offenzulegen, Cross-Site-Scripting durchzuführen und weitere nicht näher spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
References
18 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://moodle.org/mod/forum/discuss.php?d=467592 | external |
| https://moodle.org/mod/forum/discuss.php?d=467593 | external |
| https://moodle.org/mod/forum/discuss.php?d=467594 | external |
| https://moodle.org/mod/forum/discuss.php?d=467595 | external |
| https://moodle.org/mod/forum/discuss.php?d=467596 | external |
| https://moodle.org/mod/forum/discuss.php?d=467597 | external |
| https://moodle.org/mod/forum/discuss.php?d=467598 | external |
| https://moodle.org/mod/forum/discuss.php?d=467599 | external |
| https://moodle.org/mod/forum/discuss.php?d=467600 | external |
| https://moodle.org/mod/forum/discuss.php?d=467601 | external |
| https://moodle.org/mod/forum/discuss.php?d=467602 | external |
| https://moodle.org/mod/forum/discuss.php?d=467603 | external |
| https://moodle.org/mod/forum/discuss.php?d=467604 | external |
| https://moodle.org/mod/forum/discuss.php?d=467605 | external |
| https://moodle.org/mod/forum/discuss.php?d=467606 | external |
| https://moodle.org/mod/forum/discuss.php?d=467607 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of Service zu verursachen, Informationen offenzulegen, Cross-Site-Scripting durchzuf\u00fchren und weitere nicht n\u00e4her spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0862 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0862.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0862 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0862"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0013 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0014 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0015 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0016 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0017 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0018 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0019 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0020 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0021 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0022 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0023 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0024 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0025 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0026 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0027 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0028 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
}
],
"source_lang": "en-US",
"title": "Moodle: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-21T22:00:00.000+00:00",
"generator": {
"date": "2025-04-22T12:14:24.703+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0862",
"initial_release_date": "2025-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.5.4",
"product": {
"name": "Open Source Moodle \u003c4.5.4",
"product_id": "T043029"
}
},
{
"category": "product_version",
"name": "4.5.4",
"product": {
"name": "Open Source Moodle 4.5.4",
"product_id": "T043029-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.5.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.4.8",
"product": {
"name": "Open Source Moodle \u003c4.4.8",
"product_id": "T043031"
}
},
{
"category": "product_version",
"name": "4.4.8",
"product": {
"name": "Open Source Moodle 4.4.8",
"product_id": "T043031-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.4.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.3.12",
"product": {
"name": "Open Source Moodle \u003c4.3.12",
"product_id": "T043032"
}
},
{
"category": "product_version",
"name": "4.3.12",
"product": {
"name": "Open Source Moodle 4.3.12",
"product_id": "T043032-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.3.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1.18",
"product": {
"name": "Open Source Moodle \u003c4.1.18",
"product_id": "T043033"
}
},
{
"category": "product_version",
"name": "4.1.18",
"product": {
"name": "Open Source Moodle 4.1.18",
"product_id": "T043033-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.1.18"
}
}
}
],
"category": "product_name",
"name": "Moodle"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-40446",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2024-40446"
},
{
"cve": "CVE-2025-3625",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3625"
},
{
"cve": "CVE-2025-3627",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3627"
},
{
"cve": "CVE-2025-3628",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3628"
},
{
"cve": "CVE-2025-3634",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3634"
},
{
"cve": "CVE-2025-3635",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3635"
},
{
"cve": "CVE-2025-3636",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3636"
},
{
"cve": "CVE-2025-3637",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3637"
},
{
"cve": "CVE-2025-3638",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3638"
},
{
"cve": "CVE-2025-3640",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3640"
},
{
"cve": "CVE-2025-3641",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3641"
},
{
"cve": "CVE-2025-3642",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3642"
},
{
"cve": "CVE-2025-3643",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3643"
},
{
"cve": "CVE-2025-3644",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3644"
},
{
"cve": "CVE-2025-3645",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3645"
},
{
"cve": "CVE-2025-3647",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3647"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…