Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2025-0862
Vulnerability from csaf_certbund - Published: 2025-04-21 22:00 - Updated: 2025-04-21 22:00Summary
Moodle: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuführen. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterstützt.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Code auszuführen, einen Denial-of Service zu verursachen, Informationen offenzulegen, Cross-Site-Scripting durchzuführen und weitere nicht näher spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Moodle ist ein Software-Paket, um internetbasierte Kurse zu entwickeln und durchzuf\u00fchren. Es ist ein globales Softwareentwicklungsprojekt, das einen konstruktivistischen Lehr- und Lernansatz unterst\u00fctzt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Moodle ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of Service zu verursachen, Informationen offenzulegen, Cross-Site-Scripting durchzuf\u00fchren und weitere nicht n\u00e4her spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0862 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0862.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0862 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0862"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0013 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467592"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0014 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467593"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0015 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467594"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0016 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467595"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0017 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467596"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0018 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467597"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0019 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467598"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0020 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467599"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0021 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0022 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0023 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0024 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0025 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0026 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0027 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
},
{
"category": "external",
"summary": "Moodle Security Advisory MSA-25-0028 vom 2025-04-21",
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
}
],
"source_lang": "en-US",
"title": "Moodle: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-21T22:00:00.000+00:00",
"generator": {
"date": "2025-04-22T12:14:24.703+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0862",
"initial_release_date": "2025-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.5.4",
"product": {
"name": "Open Source Moodle \u003c4.5.4",
"product_id": "T043029"
}
},
{
"category": "product_version",
"name": "4.5.4",
"product": {
"name": "Open Source Moodle 4.5.4",
"product_id": "T043029-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.5.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.4.8",
"product": {
"name": "Open Source Moodle \u003c4.4.8",
"product_id": "T043031"
}
},
{
"category": "product_version",
"name": "4.4.8",
"product": {
"name": "Open Source Moodle 4.4.8",
"product_id": "T043031-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.4.8"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.3.12",
"product": {
"name": "Open Source Moodle \u003c4.3.12",
"product_id": "T043032"
}
},
{
"category": "product_version",
"name": "4.3.12",
"product": {
"name": "Open Source Moodle 4.3.12",
"product_id": "T043032-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.3.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.1.18",
"product": {
"name": "Open Source Moodle \u003c4.1.18",
"product_id": "T043033"
}
},
{
"category": "product_version",
"name": "4.1.18",
"product": {
"name": "Open Source Moodle 4.1.18",
"product_id": "T043033-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:open_source:moodle:4.1.18"
}
}
}
],
"category": "product_name",
"name": "Moodle"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-40446",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2024-40446"
},
{
"cve": "CVE-2025-3625",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3625"
},
{
"cve": "CVE-2025-3627",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3627"
},
{
"cve": "CVE-2025-3628",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3628"
},
{
"cve": "CVE-2025-3634",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3634"
},
{
"cve": "CVE-2025-3635",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3635"
},
{
"cve": "CVE-2025-3636",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3636"
},
{
"cve": "CVE-2025-3637",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3637"
},
{
"cve": "CVE-2025-3638",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3638"
},
{
"cve": "CVE-2025-3640",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3640"
},
{
"cve": "CVE-2025-3641",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3641"
},
{
"cve": "CVE-2025-3642",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3642"
},
{
"cve": "CVE-2025-3643",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3643"
},
{
"cve": "CVE-2025-3644",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3644"
},
{
"cve": "CVE-2025-3645",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3645"
},
{
"cve": "CVE-2025-3647",
"product_status": {
"known_affected": [
"T043029",
"T043031",
"T043032",
"T043033"
]
},
"release_date": "2025-04-21T22:00:00.000+00:00",
"title": "CVE-2025-3647"
}
]
}
CVE-2025-3644 (GCVE-0-2025-3644)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:31
VLAI?
EPSS
Summary
A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank James E. Calder for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:51.876613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:21.924Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank James E. Calder for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. Additional checks were required to prevent users from deleting course sections they did not have permission to modify."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:20.709Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3644"
},
{
"name": "RHBZ#2359745",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359745"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467605"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T12:53:42.862000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: ajax section delete does not respect course_can_delete_section()",
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3644",
"datePublished": "2025-04-25T14:43:12.816Z",
"dateReserved": "2025-04-15T12:53:20.080Z",
"dateUpdated": "2025-04-28T16:31:20.709Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3625 (GCVE-0-2025-3625)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-25 16:01
VLAI?
EPSS
Summary
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
Severity ?
7.1 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Red Hat would like to thank vi22 for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3625",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:43:21.330868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T16:01:25.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank vi22 for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:39.887Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3625"
},
{
"name": "RHBZ#2359690",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359690"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T06:38:04.957000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action",
"x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3625",
"datePublished": "2025-04-25T14:42:39.887Z",
"dateReserved": "2025-04-15T06:45:25.748Z",
"dateUpdated": "2025-04-25T16:01:25.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3636 (GCVE-0-2025-3636)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-25 15:56
VLAI?
EPSS
Summary
A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks.
Severity ?
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank Vincent Schneider for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:43:06.661207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:56:11.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. This vulnerability allows unauthorized users to access and view RSS feeds due to insufficient capability checks."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:54.270Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-84499"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3636"
},
{
"name": "RHBZ#2359726",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359726"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T11:05:50.015000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: idor in moodle rss block allows unauthorized access to rss feeds",
"x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3636",
"datePublished": "2025-04-25T14:42:54.270Z",
"dateReserved": "2025-04-15T11:06:56.927Z",
"dateUpdated": "2025-04-25T15:56:11.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3628 (GCVE-0-2025-3628)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-25 16:01
VLAI?
EPSS
Summary
A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities.
Severity ?
4.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Red Hat would like to thank Eliot for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3628",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:43:14.123677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T16:01:05.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Eliot for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw has was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:45.242Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3628"
},
{
"name": "RHBZ#2359706",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359706"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T09:43:40.253000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: moodle assignment submission search leaks anonymous student identities",
"x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3628",
"datePublished": "2025-04-25T14:42:45.242Z",
"dateReserved": "2025-04-15T09:43:34.108Z",
"dateUpdated": "2025-04-25T16:01:05.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3637 (GCVE-0-2025-3637)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-25 15:56
VLAI?
EPSS
Summary
A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages.
Severity ?
CWE
- CWE-598 - Use of GET Request Method With Sensitive Query Strings
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank Simon Reinhart for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:43:02.631530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:56:03.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Simon Reinhart for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site\u0027s URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-598",
"description": "Use of GET Request Method With Sensitive Query Strings",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:56.775Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-65356"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3637"
},
{
"name": "RHBZ#2359727",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359727"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T11:16:44.823000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: csrf token exposure via url in moodle mod_data module",
"x_redhatCweChain": "CWE-598: Use of GET Request Method With Sensitive Query Strings"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3637",
"datePublished": "2025-04-25T14:42:56.775Z",
"dateReserved": "2025-04-15T11:19:07.842Z",
"dateUpdated": "2025-04-25T15:56:03.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3627 (GCVE-0-2025-3627)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-25 16:01
VLAI?
EPSS
Summary
A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA).
Severity ?
4.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3627",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:43:17.865509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T16:01:15.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication (2FA)."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:42.646Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3627"
},
{
"name": "RHBZ#2359692",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359692"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T07:33:21.651000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: partial data exposure in moodle before completing multi-factor authentication",
"x_redhatCweChain": "CWE-287: Improper Authentication"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3627",
"datePublished": "2025-04-25T14:42:42.646Z",
"dateReserved": "2025-04-15T07:33:12.147Z",
"dateUpdated": "2025-04-25T16:01:15.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3643 (GCVE-0-2025-3643)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:35
VLAI?
EPSS
Summary
A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:55.074653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:29.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. The return URL in the policy tool required additional sanitizing to prevent a reflected Cross-site scripting (XSS) risk."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:35:17.971Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3643"
},
{
"name": "RHBZ#2359742",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359742"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467604"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T12:41:19.043000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: reflected xss risk in policy tool",
"x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3643",
"datePublished": "2025-04-25T14:43:10.125Z",
"dateReserved": "2025-04-15T12:45:39.554Z",
"dateUpdated": "2025-04-28T16:35:17.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3645 (GCVE-0-2025-3645)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:28
VLAI?
EPSS
Summary
A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank ostapbender for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:48.876446Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:13.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank ostapbender for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users\u0027 names and online statuses."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:28:39.820Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3645"
},
{
"name": "RHBZ#2359761",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359761"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467606"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T13:02:44.091000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: idor in messaging web service allows access to some user details",
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3645",
"datePublished": "2025-04-25T14:43:15.306Z",
"dateReserved": "2025-04-15T13:05:26.013Z",
"dateUpdated": "2025-04-28T16:28:39.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3647 (GCVE-0-2025-3647)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:25
VLAI?
EPSS
Summary
A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve.
Severity ?
4.3 (Medium)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank Paul Holden for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:45.442245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:05.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Paul Holden for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in Moodle. Additional checks were required to ensure that users can only access cohort data they are authorized to retrieve."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:25:41.757Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3647"
},
{
"name": "RHBZ#2359762",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359762"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467607"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T13:11:17.901000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: idor when accessing the cohorts report",
"x_redhatCweChain": "CWE-863: Incorrect Authorization"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3647",
"datePublished": "2025-04-25T14:43:18.135Z",
"dateReserved": "2025-04-15T13:14:05.846Z",
"dateUpdated": "2025-04-28T16:25:41.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3642 (GCVE-0-2025-3642)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:37
VLAI?
EPSS
Summary
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled.
Severity ?
8.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank Vincent Schneider for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:38:37.477101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:37.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS EQUELLA repository. By default, this was only available to teachers and managers on sites with the EQUELLA repository enabled."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:37:48.996Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3642"
},
{
"name": "RHBZ#2359738",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359738"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467603"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T12:31:28.282000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: authenticated remote code execution risk in the moodle lms equella repository",
"x_redhatCweChain": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3642",
"datePublished": "2025-04-25T14:43:07.535Z",
"dateReserved": "2025-04-15T12:36:13.440Z",
"dateUpdated": "2025-04-28T16:37:48.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3635 (GCVE-0-2025-3635)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-25 16:00
VLAI?
EPSS
Summary
A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.
Severity ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Red Hat would like to thank Vincent Schneider for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:43:11.068645Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T16:00:54.948Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Low"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:51.572Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3635"
},
{
"name": "RHBZ#2359709",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359709"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T10:05:54.321000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: csrf risk in moodle user tours manager allows tour duplication",
"x_redhatCweChain": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3635",
"datePublished": "2025-04-25T14:42:51.572Z",
"dateReserved": "2025-04-15T10:06:48.633Z",
"dateUpdated": "2025-04-25T16:00:54.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3640 (GCVE-0-2025-3640)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:47
VLAI?
EPSS
Summary
A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Severity ?
4.3 (Medium)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank Khikhi for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:42:58.751283Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:53.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Khikhi for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:47:19.391Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3640"
},
{
"name": "RHBZ#2359734",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359734"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467601"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T11:53:26.707000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: idor in web service allows users enrolled in a course to access some details of other users",
"x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3640",
"datePublished": "2025-04-25T14:43:02.110Z",
"dateReserved": "2025-04-15T12:08:02.118Z",
"dateUpdated": "2025-04-28T16:47:19.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40446 (GCVE-0-2024-40446)
Vulnerability from cvelistv5 – Published: 2025-04-22 00:00 – Updated: 2025-04-23 14:51
VLAI?
EPSS
Summary
An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40446",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:50:13.402128Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T14:51:22.252Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in forkosh Mime Tex before v.1.77 allows an attacker to execute arbitrary code via a crafted script"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T14:02:03.613Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://youtu.be/S3cmZkWIi6o"
},
{
"url": "https://github.com/TaiYou-TW/CVE-2024-40445_CVE-2024-40446/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-40446",
"datePublished": "2025-04-22T00:00:00.000Z",
"dateReserved": "2024-07-05T00:00:00.000Z",
"dateUpdated": "2025-04-23T14:51:22.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3641 (GCVE-0-2025-3641)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:43 – Updated: 2025-04-28 16:40
VLAI?
EPSS
Summary
A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled.
Severity ?
8.8 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank Vincent Schneider for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3641",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:38:41.331280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T15:55:44.471Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. A remote code execution risk was identified in the Moodle LMS Dropbox repository. By default, this was only available to teachers and managers on sites with the Dropbox repository enabled."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:40:46.077Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3641"
},
{
"name": "RHBZ#2359735",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359735"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467602"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T12:16:03.069000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: authenticated remote code execution risk in the moodle lms dropbox repository",
"x_redhatCweChain": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3641",
"datePublished": "2025-04-25T14:43:04.861Z",
"dateReserved": "2025-04-15T12:21:02.195Z",
"dateUpdated": "2025-04-28T16:40:46.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3634 (GCVE-0-2025-3634)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:02 – Updated: 2025-04-25 14:42
VLAI?
EPSS
Summary
A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.
Severity ?
4.3 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Red Hat would like to thank Guillaume Barat for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T14:23:56.228314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:24:04.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Guillaume Barat for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven\u0027t finished two-step verification processes."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T14:42:48.989Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3634"
},
{
"name": "RHBZ#2359707",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359707"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T09:51:31.344000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: moodle allows course self-enrolment before completing mfa",
"x_redhatCweChain": "CWE-287: Improper Authentication"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3634",
"datePublished": "2025-04-25T14:02:05.222Z",
"dateReserved": "2025-04-15T09:52:09.173Z",
"dateUpdated": "2025-04-25T14:42:48.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3638 (GCVE-0-2025-3638)
Vulnerability from cvelistv5 – Published: 2025-04-25 14:42 – Updated: 2025-04-28 16:53
VLAI?
EPSS
Summary
A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.
Severity ?
No CVSS data available.
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Red Hat would like to thank Vincent Schneider for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-3638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T15:51:01.143887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T16:18:52.153Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://git.moodle.org",
"defaultStatus": "unaffected",
"packageName": "moodle",
"versions": [
{
"lessThan": "4.5.4",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.8",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "4.3.12",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
},
{
"lessThan": "4.1.18",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Vincent Schneider for reporting this issue."
}
],
"datePublic": "2025-04-22T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:53:21.925Z",
"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"shortName": "fedora"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3638"
},
{
"name": "RHBZ#2359732",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359732"
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=467600"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T11:42:28.688000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-22T12:00:00+00:00",
"value": "Made public."
}
],
"title": "Moodle: csrf risk in brickfield tool\u0027s analysis request action",
"x_redhatCweChain": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
},
"cveMetadata": {
"assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
"assignerShortName": "fedora",
"cveId": "CVE-2025-3638",
"datePublished": "2025-04-25T14:42:59.376Z",
"dateReserved": "2025-04-15T11:44:11.282Z",
"dateUpdated": "2025-04-28T16:53:21.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…