CVE-2025-32044

Moodle: unauthenticated rest api user data exposure

CVSS 7.5 HIGHEPSS 0.3%CWE-200

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

25 abr 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A flaw has been identified in Moodle where, on certain sites, unauthenticated users could retrieve sensitive user data—including names, contact information, and hashed passwords—via stack traces returned by specific API calls. Sites with PHP configured with zend.exception_ignore_args = 1 in the php.ini file are not affected by this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Produtos afetados

moodle

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/security/cve/CVE-2025-32044 https://bugzilla.redhat.com/show_bug.cgi?id=2356829