CVE-2025-3625
Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
25 abr 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Productos afectados
moodle¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →