CVE-2025-67857

Summary

A flaw was found in moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure.

Affected Software

VendorProductVersion RangeStatus
4.1.0 < 4.1.22affected
4.4.0 < 4.4.12affected
4.5.0 < 4.5.8affected
5.0.0 < 5.0.4affected
5.1.0 < 5.1.1affected

Weaknesses

  • CWE-201: Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References