CVE-2025-62393

Moodle: course access permissions not properly checked in course_output_fragment_course_overview

CVSS 4.3 MEDIUMEPSS 0.2%CWE-284

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

23 out 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

moodle

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://access.redhat.com/security/cve/CVE-2025-62393 https://bugzilla.redhat.com/show_bug.cgi?id=2404426 https://moodle.org/mod/forum/discuss.php?d=470381