CVE-2025-62393

Moodle: course access permissions not properly checked in course_output_fragment_course_overview

CVSS 4.3 MEDIUMEPSS 0.2%CWE-284

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 oct 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Productos afectados

moodle

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://access.redhat.com/security/cve/CVE-2025-62393 https://bugzilla.redhat.com/show_bug.cgi?id=2404426 https://moodle.org/mod/forum/discuss.php?d=470381