CVE-2025-3625

A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA).

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-3625	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2359690	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

24 Jun 2025, 16:17

Type	Values Removed	Values Added
First Time		Moodle moodle Moodle
CPE		cpe:2.3:a:moodle:moodle::::::::
References	~~() https://access.redhat.com/security/cve/CVE-2025-3625 -~~	() https://access.redhat.com/security/cve/CVE-2025-3625 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2359690 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2359690 - Issue Tracking

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) Se descubrió una vulnerabilidad de seguridad en Moodle que puede permitir a los piratas informáticos obtener acceso a información confidencial sobre los estudiantes y evitar que inicien sesión en sus cuentas, incluso después de haber completado la autenticación de dos factores (2FA).

25 Apr 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-25 15:15

Updated : 2025-06-24 16:17

NVD link : CVE-2025-3625

Mitre link : CVE-2025-3625

CVE.ORG link : CVE-2025-3625

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2025-3625", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2025-04-25T15:15:36.753", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-3625", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359690", "tags": ["Issue Tracking"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability was discovered in Moodle that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed two-factor authentication (2FA)."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de seguridad en Moodle que puede permitir a los piratas inform\u00e1ticos obtener acceso a informaci\u00f3n confidencial sobre los estudiantes y evitar que inicien sesi\u00f3n en sus cuentas, incluso despu\u00e9s de haber completado la autenticaci\u00f3n de dos factores (2FA)."}], "lastModified": "2025-06-24T16:17:15.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF438B80-5736-46ED-897E-726B563F8E0A", "versionEndExcluding": "4.3.12", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E758F51B-ADBF-406E-92A8-98090BE83C2B", "versionEndExcluding": "4.4.8", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12B5C6F-A83C-488C-9C26-3C9A61F93618", "versionEndExcluding": "4.5.4", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}