CVE-2025-3634

A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-3634	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2359707	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle::::::::

History

24 Jun 2025, 16:16

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2025-3634 -~~	() https://access.redhat.com/security/cve/CVE-2025-3634 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2359707 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2359707 - Issue Tracking
CPE		cpe:2.3:a:moodle:moodle::::::::
First Time		Moodle moodle Moodle

29 Apr 2025, 13:52

Type	Values Removed	Values Added
Summary		(es) Se descubrió una vulnerabilidad de seguridad en Moodle que permite a los estudiantes inscribirse en cursos sin completar todas las comprobaciones de seguridad necesarias. En concreto, los usuarios pueden inscribirse en cursos de forma anticipada, incluso sin haber completado la verificación en dos pasos.

25 Apr 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-25 14:15

Updated : 2025-06-24 16:16

NVD link : CVE-2025-3634

Mitre link : CVE-2025-3634

CVE.ORG link : CVE-2025-3634

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-287

Improper Authentication

{"id": "CVE-2025-3634", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-04-25T14:15:22.917", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-3634", "tags": ["Third Party Advisory"], "source": "patrick@puiterwijk.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359707", "tags": ["Issue Tracking"], "source": "patrick@puiterwijk.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "patrick@puiterwijk.org", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability was discovered in Moodle that allows students to enroll themselves in courses without completing all the necessary safety checks. Specifically, users can sign up for courses prematurely, even if they haven't finished two-step verification processes."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de seguridad en Moodle que permite a los estudiantes inscribirse en cursos sin completar todas las comprobaciones de seguridad necesarias. En concreto, los usuarios pueden inscribirse en cursos de forma anticipada, incluso sin haber completado la verificaci\u00f3n en dos pasos."}], "lastModified": "2025-06-24T16:16:11.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF438B80-5736-46ED-897E-726B563F8E0A", "versionEndExcluding": "4.3.12", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E758F51B-ADBF-406E-92A8-98090BE83C2B", "versionEndExcluding": "4.4.8", "versionStartIncluding": "4.4.0"}, {"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12B5C6F-A83C-488C-9C26-3C9A61F93618", "versionEndExcluding": "4.5.4", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "patrick@puiterwijk.org"}