CVE-2025-3625

Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action

CVSS 7.1 HIGHEPSS 0.4%CWE-639

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 7.1EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

25 abr 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H

Produtos afetados

moodle

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/security/cve/CVE-2025-3625 https://bugzilla.redhat.com/show_bug.cgi?id=2359690