CVE-2025-62400

Summary

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information.

Affected Software

VendorProductVersion RangeStatus
5.0.0 < 5.0.3affected
4.5.0 < 4.5.7affected
4.4.0 < 4.4.11affected
4.1.0 < 4.1.21affected

Weaknesses

  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References