CVE-2025-26525

Summary

Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available (such as those with TeX Live installed).

Affected Software

VendorProductVersion RangeStatus
Moodle Projectmoodle4.5.0 < 4.5.2affected
Moodle Projectmoodle4.4.0 < 4.4.6affected
Moodle Projectmoodle4.3.0 < 4.3.10affected
Moodle Projectmoodle4.1.0 < 4.1.16affected
Moodle Projectmoodle4.2.0 < 4.2.*unknown
Moodle Projectmoodle0 < 4.0.*unknown

Weaknesses

  • CWE-552: CWE-552 Files or Directories Accessible to External Parties

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References