Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-3638 (GCVE-0-2025-3638)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-28 16:53
VLAI
EPSS
Title
Moodle: csrf risk in brickfield tool's analysis request action
Summary
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-3638 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2359732 | issue-trackingx_refsource_REDHAT |
| https://moodle.org/mod/forum/discuss.php?d=467600 |
Impacted products
Date Public
2025-04-22 12:00
Credits
Red Hat would like to thank Vincent Schneider for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-3638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:51:01.143887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T16:18:52.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:53:21.925Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3638"
},
{
"name": "RHBZ#2359732",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T11:42:28.688Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00.000Z",
"value": "Made public."
}
],
"title": "Moodle: csrf risk in brickfield tool\u0027s analysis request action",
"x_redhatCweChain": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3638",
"datePublished": "2025-04-25T14:42:59.376Z",
"dateReserved": "2025-04-15T11:44:11.282Z",
"dateUpdated": "2025-04-28T16:53:21.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-3638",
"date": "2026-05-27",
"epss": "0.00139",
"percentile": "0.33555"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-3638\",\"sourceIdentifier\":\"patrick@puiterwijk.org\",\"published\":\"2025-04-25T15:15:37.640\",\"lastModified\":\"2025-06-16T21:03:13.033\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una falla en Moodle. La acci\u00f3n de solicitud de an\u00e1lisis en la herramienta Brickfield no inclu\u00eda el token necesario para evitar el riesgo de Cross-site request forgery (CSRF).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"patrick@puiterwijk.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.18\",\"matchCriteriaId\":\"245F0D61-A209-4129-AEA5-C8E1600F5202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.3.12\",\"matchCriteriaId\":\"BF438B80-5736-46ED-897E-726B563F8E0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.0\",\"versionEndExcluding\":\"4.4.8\",\"matchCriteriaId\":\"E758F51B-ADBF-406E-92A8-98090BE83C2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5.0\",\"versionEndExcluding\":\"4.5.4\",\"matchCriteriaId\":\"F12B5C6F-A83C-488C-9C26-3C9A61F93618\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-3638\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2359732\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://moodle.org/mod/forum/discuss.php?d=467600\",\"source\":\"patrick@puiterwijk.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-3638\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T15:51:01.143887Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T16:18:45.591Z\"}}], \"cna\": {\"title\": \"Moodle: csrf risk in brickfield tool\u0027s analysis request action\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Vincent Schneider for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"4.5.0\", \"lessThan\": \"4.5.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.4.0\", \"lessThan\": \"4.4.8\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.3.0\", \"lessThan\": \"4.3.12\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.1.0\", \"lessThan\": \"4.1.18\", \"versionType\": \"semver\"}], \"packageName\": \"moodle\", \"collectionURL\": \"https://git.moodle.org\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-04-15T11:42:28.688000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-04-22T12:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-04-22T12:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-3638\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2359732\", \"name\": \"RHBZ#2359732\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://moodle.org/mod/forum/discuss.php?d=467600\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"shortName\": \"fedora\", \"dateUpdated\": \"2025-04-28T16:53:21.925Z\"}, \"x_redhatCweChain\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-3638\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-28T16:53:21.925Z\", \"dateReserved\": \"2025-04-15T11:44:11.282Z\", \"assignerOrgId\": \"92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5\", \"datePublished\": \"2025-04-25T14:42:59.376Z\", \"assignerShortName\": \"fedora\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2025-AVI-0340
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3643"
},
{
"name": "CVE-2025-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3634"
},
{
"name": "CVE-2025-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3641"
},
{
"name": "CVE-2025-3637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3637"
},
{
"name": "CVE-2025-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3628"
},
{
"name": "CVE-2025-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3647"
},
{
"name": "CVE-2025-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3625"
},
{
"name": "CVE-2025-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3636"
},
{
"name": "CVE-2025-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3642"
},
{
"name": "CVE-2025-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3638"
},
{
"name": "CVE-2025-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3645"
},
{
"name": "CVE-2024-40446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40446"
},
{
"name": "CVE-2025-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3640"
},
{
"name": "CVE-2025-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3627"
},
{
"name": "CVE-2025-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3644"
},
{
"name": "CVE-2025-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3635"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0014",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0017",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0027",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0023",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0022",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0013",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0026",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0015",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0020",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0024",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0025",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0016",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0019",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0021",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0028",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0018",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
}
]
}
CERTFR-2025-AVI-0340
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Moodle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Moodle versions 4.3.x ant\u00e9rieures \u00e0 4.3.12",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.5.x ant\u00e9rieures \u00e0 4.5.4",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions 4.4.x ant\u00e9rieures \u00e0 4.4.8",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
},
{
"description": "Moodle versions ant\u00e9rieures \u00e0 4.1.18",
"product": {
"name": "Moodle",
"vendor": {
"name": "Moodle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3643"
},
{
"name": "CVE-2025-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3634"
},
{
"name": "CVE-2025-3641",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3641"
},
{
"name": "CVE-2025-3637",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3637"
},
{
"name": "CVE-2025-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3628"
},
{
"name": "CVE-2025-3647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3647"
},
{
"name": "CVE-2025-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3625"
},
{
"name": "CVE-2025-3636",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3636"
},
{
"name": "CVE-2025-3642",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3642"
},
{
"name": "CVE-2025-3638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3638"
},
{
"name": "CVE-2025-3645",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3645"
},
{
"name": "CVE-2024-40446",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40446"
},
{
"name": "CVE-2025-3640",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3640"
},
{
"name": "CVE-2025-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3627"
},
{
"name": "CVE-2025-3644",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3644"
},
{
"name": "CVE-2025-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3635"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0340",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Moodle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
"vendor_advisories": [
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0014",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0017",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0027",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0023",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0022",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0013",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0026",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0015",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0020",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0024",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0025",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"published_at": "2025-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0016",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0019",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0021",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0028",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
},
{
"published_at": "2025-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-25-0018",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
}
]
}
BDU:2025-05104
Vulnerability from fstec - Published: 22.04.2025
VLAI
Title
Уязвимость компонента Brickfield виртуальной обучающей среды Moodle, позволяющая нарушителю оказать влияние на целостность защищаемой информации
Description
Уязвимость компонента Brickfield виртуальной обучающей среды Moodle связана с подделкой межсайтовых запросов. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, оказать влияние на целостность защищаемой информации
Severity
Vendor
ООО «Ред Софт», Мартин Дугамас
Software Name
РЕД ОС (запись в едином реестре российских программ №3751), Moodle
Software Version
7.3 (РЕД ОС), от 4.5.0 до 4.5.4 (Moodle), от 4.4.0 до 4.4.8 (Moodle), от 4.3.4 до 4.3.12 (Moodle), от 4.1.0 до 4.1.18 (Moodle)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Moodle :
https://moodle.org/mod/forum/discuss.php?d=467600
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Reference
https://moodle.org/mod/forum/discuss.php?d=467600
https://access.redhat.com/security/cve/cve-2025-3638
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
CWE
CWE-352
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041c\u0430\u0440\u0442\u0438\u043d \u0414\u0443\u0433\u0430\u043c\u0430\u0441",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 4.5.0 \u0434\u043e 4.5.4 (Moodle), \u043e\u0442 4.4.0 \u0434\u043e 4.4.8 (Moodle), \u043e\u0442 4.3.4 \u0434\u043e 4.3.12 (Moodle), \u043e\u0442 4.1.0 \u0434\u043e 4.1.18 (Moodle)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Moodle :\nhttps://moodle.org/mod/forum/discuss.php?d=467600\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.04.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.05.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.04.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-05104",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-3638",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Moodle",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Brickfield \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0443\u0447\u0430\u044e\u0449\u0435\u0439 \u0441\u0440\u0435\u0434\u044b Moodle, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u0430\u044f \u0444\u0430\u043b\u044c\u0441\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 (CWE-352)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 Brickfield \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u043e\u0431\u0443\u0447\u0430\u044e\u0449\u0435\u0439 \u0441\u0440\u0435\u0434\u044b Moodle \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u043e\u0434\u0434\u0435\u043b\u043a\u043e\u0439 \u043c\u0435\u0436\u0441\u0430\u0439\u0442\u043e\u0432\u044b\u0445 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043b\u0438\u044f\u043d\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://moodle.org/mod/forum/discuss.php?d=467600\nhttps://access.redhat.com/security/cve/cve-2025-3638\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-352",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,5)"
}
bit-moodle-2025-3638
Vulnerability from bitnami_vulndb
Published
2025-06-17 05:59
Modified
2025-06-17 06:16
Summary
Moodle: csrf risk in brickfield tool's analysis request action
Details
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "moodle",
"purl": "pkg:bitnami/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.18"
},
{
"introduced": "4.3.0"
},
{
"fixed": "4.3.12"
},
{
"introduced": "4.4.0"
},
{
"fixed": "4.4.8"
},
{
"introduced": "4.5.0"
},
{
"fixed": "4.5.4"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2025-3638"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.",
"id": "BIT-moodle-2025-3638",
"modified": "2025-06-17T06:16:01.751Z",
"published": "2025-06-17T05:59:41.165Z",
"references": [
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-3638"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3638"
}
],
"schema_version": "1.6.2",
"summary": "Moodle: csrf risk in brickfield tool\u0027s analysis request action"
}
CNVD-2025-09236
Vulnerability from cnvd - Published: 2025-05-08
VLAI
Title
Moodle跨站请求伪造漏洞(CNVD-2025-09236)
Description
Moodle是Moodle开源的一套免费的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。
Moodle存在跨站请求伪造漏洞,该漏洞源于Brickfield工具的分析请求操作缺少防跨站请求伪造的令牌。攻击者可利用该漏洞伪造恶意请求诱骗受害者点击执行敏感操作。
Severity
高
Patch Name
Moodle跨站请求伪造漏洞(CNVD-2025-09236)的补丁
Patch Description
Moodle是Moodle开源的一套免费的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。
Moodle存在跨站请求伪造漏洞,该漏洞源于Brickfield工具的分析请求操作缺少防跨站请求伪造的令牌。攻击者可利用该漏洞伪造恶意请求诱骗受害者点击执行敏感操作。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://download.moodle.org/releases/latest/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-3638
Impacted products
| Name | moodle Moodle |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2025-3638",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-3638"
}
},
"description": "Moodle\u662fMoodle\u5f00\u6e90\u7684\u4e00\u5957\u514d\u8d39\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\n\nMoodle\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eBrickfield\u5de5\u5177\u7684\u5206\u6790\u8bf7\u6c42\u64cd\u4f5c\u7f3a\u5c11\u9632\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u7684\u4ee4\u724c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u6076\u610f\u8bf7\u6c42\u8bf1\u9a97\u53d7\u5bb3\u8005\u70b9\u51fb\u6267\u884c\u654f\u611f\u64cd\u4f5c\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://download.moodle.org/releases/latest/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2025-09236",
"openTime": "2025-05-08",
"patchDescription": "Moodle\u662fMoodle\u5f00\u6e90\u7684\u4e00\u5957\u514d\u8d39\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\r\n\r\nMoodle\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eBrickfield\u5de5\u5177\u7684\u5206\u6790\u8bf7\u6c42\u64cd\u4f5c\u7f3a\u5c11\u9632\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u7684\u4ee4\u724c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u6076\u610f\u8bf7\u6c42\u8bf1\u9a97\u53d7\u5bb3\u8005\u70b9\u51fb\u6267\u884c\u654f\u611f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Moodle\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2025-09236\uff09\u7684\u8865\u4e01",
"products": {
"product": "moodle Moodle"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-3638",
"serverity": "\u9ad8",
"submitTime": "2025-05-07",
"title": "Moodle\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff08CNVD-2025-09236\uff09"
}
FKIE_CVE-2025-3638
Vulnerability from fkie_nvd - Published: 2025-04-25 15:15 - Updated: 2025-06-16 21:03
Severity
Summary
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
References
| URL | Tags | ||
|---|---|---|---|
| patrick@puiterwijk.org | https://access.redhat.com/security/cve/CVE-2025-3638 | Third Party Advisory | |
| patrick@puiterwijk.org | https://bugzilla.redhat.com/show_bug.cgi?id=2359732 | Issue Tracking, Third Party Advisory | |
| patrick@puiterwijk.org | https://moodle.org/mod/forum/discuss.php?d=467600 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "245F0D61-A209-4129-AEA5-C8E1600F5202",
"versionEndExcluding": "4.1.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF438B80-5736-46ED-897E-726B563F8E0A",
"versionEndExcluding": "4.3.12",
"versionStartIncluding": "4.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E758F51B-ADBF-406E-92A8-98090BE83C2B",
"versionEndExcluding": "4.4.8",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F12B5C6F-A83C-488C-9C26-3C9A61F93618",
"versionEndExcluding": "4.5.4",
"versionStartIncluding": "4.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk."
},
{
"lang": "es",
"value": "Se detect\u00f3 una falla en Moodle. La acci\u00f3n de solicitud de an\u00e1lisis en la herramienta Brickfield no inclu\u00eda el token necesario para evitar el riesgo de Cross-site request forgery (CSRF)."
}
],
"id": "CVE-2025-3638",
"lastModified": "2025-06-16T21:03:13.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-04-25T15:15:37.640",
"references": [
{
"source": "patrick@puiterwijk.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3638"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732"
},
{
"source": "patrick@puiterwijk.org",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
}
],
"sourceIdentifier": "patrick@puiterwijk.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "patrick@puiterwijk.org",
"type": "Secondary"
}
]
}
GHSA-M8QH-HX4C-H9HR
Vulnerability from github – Published: 2025-04-25 15:31 – Updated: 2025-04-25 17:07
VLAI
Summary
Moodle has a CSRF risk in Brickfield tool's analysis request action
Details
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.3.0-beta"
},
{
"fixed": "4.3.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.4.0-beta"
},
{
"fixed": "4.4.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0-beta"
},
{
"fixed": "4.5.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-3638"
],
"database_specific": {
"cwe_ids": [
"CWE-352"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-25T17:07:24Z",
"nvd_published_at": "2025-04-25T15:15:37Z",
"severity": "LOW"
},
"details": "A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.",
"id": "GHSA-m8qh-hx4c-h9hr",
"modified": "2025-04-25T17:07:25Z",
"published": "2025-04-25T15:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3638"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/91e6ad43ed2522f9c1c4094e565b5a7e5b348728"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-3638"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Moodle has a CSRF risk in Brickfield tool\u0027s analysis request action"
}
WID-SEC-W-2025-0862
Vulnerability from csaf_certbund - Published: 2025-04-21 22:00 - Updated: 2025-04-21 22:00Summary
Moodle: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Code auszuführen, einen Denial-of Service zu verursachen, Informationen offenzulegen, Cross-Site-Scripting durchzuführen und weitere nicht näher spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source Moodle <4.5.4
Open Source / Moodle
|
<4.5.4 | ||
|
Open Source Moodle <4.4.8
Open Source / Moodle
|
<4.4.8 | ||
|
Open Source Moodle <4.3.12
Open Source / Moodle
|
<4.3.12 | ||
|
Open Source Moodle <4.1.18
Open Source / Moodle
|
<4.1.18 |
References
18 references
| URL | Category |
|---|---|
| https://wid.cert-bund.de/.well-known/csaf/white/2… | self |
| https://wid.cert-bund.de/portal/wid/securityadvis… | self |
| https://moodle.org/mod/forum/discuss.php?d=467592 | external |
| https://moodle.org/mod/forum/discuss.php?d=467593 | external |
| https://moodle.org/mod/forum/discuss.php?d=467594 | external |
| https://moodle.org/mod/forum/discuss.php?d=467595 | external |
| https://moodle.org/mod/forum/discuss.php?d=467596 | external |
| https://moodle.org/mod/forum/discuss.php?d=467597 | external |
| https://moodle.org/mod/forum/discuss.php?d=467598 | external |
| https://moodle.org/mod/forum/discuss.php?d=467599 | external |
| https://moodle.org/mod/forum/discuss.php?d=467600 | external |
| https://moodle.org/mod/forum/discuss.php?d=467601 | external |
| https://moodle.org/mod/forum/discuss.php?d=467602 | external |
| https://moodle.org/mod/forum/discuss.php?d=467603 | external |
| https://moodle.org/mod/forum/discuss.php?d=467604 | external |
| https://moodle.org/mod/forum/discuss.php?d=467605 | external |
| https://moodle.org/mod/forum/discuss.php?d=467606 | external |
| https://moodle.org/mod/forum/discuss.php?d=467607 | external |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of Service zu verursachen, Informationen offenzulegen, Cross-Site-Scripting durchzuf\u00fchren und weitere nicht n\u00e4her spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0862 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0862.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0862 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0862"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0013 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0014 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0015 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0016 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0017 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0018 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0019 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0020 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0021 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0022 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0023 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0024 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0025 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0026 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0027 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0028 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
}
],
"source_lang": "en-US",
"title": "Moodle: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-21T22:00:00.000+00:00",
"generator": {
"date": "2025-04-22T12:14:24.703+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0862",
"initial_release_date": "2025-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.5.4",
"product": {
"name": "Open Source Moodle \u003c4.5.4",
"product_id": "T043029"
}
},
{
"category": "product_version",
"name": "4.5.4",
"product": {
"name": "Open Source Moodle 4.5.4",
"product_id": "T043029-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.5.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.4.8",
"product": {
"name": "Open Source Moodle \u003c4.4.8",
"product_id": "T043031"
}
},
{
"category": "product_version",
"name": "4.4.8",
"product": {
"name": "Open Source Moodle 4.4.8",
"product_id": "T043031-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.4.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.3.12",
"product": {
"name": "Open Source Moodle \u003c4.3.12",
"product_id": "T043032"
}
},
{
"category": "product_version",
"name": "4.3.12",
"product": {
"name": "Open Source Moodle 4.3.12",
"product_id": "T043032-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.3.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1.18",
"product": {
"name": "Open Source Moodle \u003c4.1.18",
"product_id": "T043033"
}
},
{
"category": "product_version",
"name": "4.1.18",
"product": {
"name": "Open Source Moodle 4.1.18",
"product_id": "T043033-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.1.18"
}
}
}
],
"category": "product_name",
"name": "Moodle"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-40446",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2024-40446"
},
{
"cve": "CVE-2025-3625",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3625"
},
{
"cve": "CVE-2025-3627",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3627"
},
{
"cve": "CVE-2025-3628",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3628"
},
{
"cve": "CVE-2025-3634",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3634"
},
{
"cve": "CVE-2025-3635",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3635"
},
{
"cve": "CVE-2025-3636",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3636"
},
{
"cve": "CVE-2025-3637",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3637"
},
{
"cve": "CVE-2025-3638",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3638"
},
{
"cve": "CVE-2025-3640",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3640"
},
{
"cve": "CVE-2025-3641",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3641"
},
{
"cve": "CVE-2025-3642",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3642"
},
{
"cve": "CVE-2025-3643",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3643"
},
{
"cve": "CVE-2025-3644",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3644"
},
{
"cve": "CVE-2025-3645",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3645"
},
{
"cve": "CVE-2025-3647",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3647"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…