CVE-2025-3625

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

History

24 Jun 2025, 16:17

Type Values Removed Values Added
First Time Moodle moodle
Moodle
CPE cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
References () https://access.redhat.com/security/cve/CVE-2025-3625 - () https://access.redhat.com/security/cve/CVE-2025-3625 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2359690 - () https://bugzilla.redhat.com/show_bug.cgi?id=2359690 - Issue Tracking

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) Se descubrió una vulnerabilidad de seguridad en Moodle que puede permitir a los piratas informáticos obtener acceso a información confidencial sobre los estudiantes y evitar que inicien sesión en sus cuentas, incluso después de haber completado la autenticación de dos factores (2FA).

25 Apr 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-25 15:15

Updated : 2025-06-24 16:17


NVD link : CVE-2025-3625

Mitre link : CVE-2025-3625

CVE.ORG link : CVE-2025-3625


JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-639

Authorization Bypass Through User-Controlled Key