CVE-2025-3635

Summary

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.

Affected Software

VendorProductVersion RangeStatus
4.5.0 < 4.5.4affected
4.4.0 < 4.4.8affected
4.3.0 < 4.3.12affected
4.1.0 < 4.1.18affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References