CVE-2025-3638

Summary

A flaw was found in Moodle. The analysis request action in the Brickfield tool did not include the necessary token to prevent a Cross-site request forgery (CSRF) risk.

Affected Software

VendorProductVersion RangeStatus
4.5.0 < 4.5.4affected
4.4.0 < 4.4.8affected
4.3.0 < 4.3.12affected
4.1.0 < 4.1.18affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References