CVE-2025-3625
7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Summary
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
4.5.0 < 4.5.4 | affected | ||
4.4.0 < 4.4.8 | affected | ||
4.3.0 < 4.3.12 | affected |
Weaknesses
- CWE-639: Authorization Bypass Through User-Controlled Key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/security/cve/CVE-2025-3625
- https://bugzilla.redhat.com/show_bug.cgi?id=2359690
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.