Exposure of Moodle

Category: LMS
Exposure score: 70
Sites using it: 13,690
Exploited (CISA KEV entries): 0
Critical CVEs: 7
Vexday analysis

With 292 catalogued CVEs and no entry in CISA's KEV catalog, Moodle shows an active exploitation rate below the catalog-wide average, which suggests lower immediate threat pressure in real-world environments. However, the high EPSS of 0.83 associated with CVE-2024-43425 indicates a statistically high probability of exploitation for that specific vulnerability, and it deserves priority attention from patch management teams. The most recurrent flaw type is CWE-79 (Cross-Site Scripting), a common pattern in web platforms with a high volume of user-generated content, and the 7 critical-severity CVEs reinforce the need to maintain regular update cycles. Low KEV activity should not be interpreted as an absence of risk, especially given high EPSS scores that flag vulnerabilities of interest to malicious actors.

CVEs

292 results (20 listed below)

CVE | Severity | Title | EPSS
CVE-2024-48897 | MEDIUM | Moodle: idor in edit/delete rss feed | 0.3%
CVE-2024-48901 | MEDIUM | Moodle: idor when fetching report schedules | 0.3%
CVE-2025-3636 | MEDIUM | Moodle: idor in moodle rss block allows unauthorized access to rss feeds | 0.3%
CVE-2023-5551 | LOW | Moodle: forum summary report shows students from other groups when in separate groups mode | 0.3%
CVE-2025-3643 | MEDIUM | Moodle: reflected xss risk in policy tool | 0.3%
CVE-2025-26531 | LOW | IDOR in badges allows disabling of arbitrary badges | 0.3%
CVE-2025-62396 | MEDIUM | Moodle: router (r.php) could expose application directories | 0.3%
CVE-2025-3644 | MEDIUM | Moodle: ajax section delete does not respect course_can_delete_section() | 0.3%
CVE-2025-67856 | MEDIUM | Moodle: moodle: privilege escalation via incomplete role checks in badge awarding | 0.3%
CVE-2025-3628 | MEDIUM | Moodle: moodle assignment submission search leaks anonymous student identities | 0.3%
CVE-2025-3647 | MEDIUM | Moodle: idor when accessing the cohorts report | 0.3%
CVE-2025-26528 | LOW | Stored XSS in ddimageortext question type | 0.3%
CVE-2025-32045 | MEDIUM | Moodle: hidden grades shown to users without permission on some grade reports | 0.3%
CVE-2025-53021 | MEDIUM | A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey para | 0.3%
CVE-2025-3638 | HIGH | Moodle: csrf risk in brickfield tool's analysis request action | 0.3%
CVE-2025-62397 | MEDIUM | Moodle: router produces json instead of 404 error for invalid course id | 0.3%
CVE-2025-67849 | HIGH | Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses | 0.3%
CVE-2025-67851 | MEDIUM | Moodle: moodle: formula injection allows arbitrary formula execution via unescaped data export | 0.3%
CVE-2025-62400 | MEDIUM | Moodle: hidden group names visible to event creators | 0.2%
CVE-2025-67852 | LOW | Moodle: moodle: open redirect vulnerability in oauth login flow allows redirection to malicious sites. | 0.2%
