CVE-2025-3635

A security vulnerability was discovered in Moodle that allows anyone to duplicate existing tours without needing to log in due to a lack of protection against cross-site request forgery (CSRF) attacks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

History

24 Jun 2025, 16:08

Type Values Removed Values Added
CPE cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
First Time Moodle moodle
Moodle
References () https://access.redhat.com/security/cve/CVE-2025-3635 - () https://access.redhat.com/security/cve/CVE-2025-3635 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2359709 - () https://bugzilla.redhat.com/show_bug.cgi?id=2359709 - Issue Tracking

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) Se descubrió una vulnerabilidad de seguridad en Moodle que permite a cualquiera duplicar recorridos existentes sin necesidad de iniciar sesión debido a la falta de protección contra ataques de Cross-site request forgery (CSRF).

25 Apr 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-25 15:15

Updated : 2025-06-24 16:08


NVD link : CVE-2025-3635

Mitre link : CVE-2025-3635

CVE.ORG link : CVE-2025-3635


JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-352

Cross-Site Request Forgery (CSRF)