CVE-2025-3640

A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

History

24 Jun 2025, 16:09

Type Values Removed Values Added
CPE cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
First Time Moodle moodle
Moodle
References () https://access.redhat.com/security/cve/CVE-2025-3640 - () https://access.redhat.com/security/cve/CVE-2025-3640 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2359734 - () https://bugzilla.redhat.com/show_bug.cgi?id=2359734 - Issue Tracking
References () https://moodle.org/mod/forum/discuss.php?d=467601 - () https://moodle.org/mod/forum/discuss.php?d=467601 - Vendor Advisory

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) Se detectó una falla en Moodle. Las comprobaciones de capacidad insuficientes permitían que un usuario inscrito en un curso accediera a información, como el nombre completo y la URL de la imagen de perfil, de otros usuarios a los que no tenía permiso de acceso.

25 Apr 2025, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-25 15:15

Updated : 2025-06-24 16:09


NVD link : CVE-2025-3640

Mitre link : CVE-2025-3640

CVE.ORG link : CVE-2025-3640


JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-639

Authorization Bypass Through User-Controlled Key