A flaw was found in Moodle. Insufficient capability checks made it possible for a user enrolled in a course to access some details, such as the full name and profile image URL, of other users they did not have permission to access.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2025-3640 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2359734 | Issue Tracking |
https://moodle.org/mod/forum/discuss.php?d=467601 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
24 Jun 2025, 16:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* | |
First Time |
Moodle moodle
Moodle |
|
References | () https://access.redhat.com/security/cve/CVE-2025-3640 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2359734 - Issue Tracking | |
References | () https://moodle.org/mod/forum/discuss.php?d=467601 - Vendor Advisory |
29 Apr 2025, 13:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Apr 2025, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-25 15:15
Updated : 2025-06-24 16:09
NVD link : CVE-2025-3640
Mitre link : CVE-2025-3640
CVE.ORG link : CVE-2025-3640
JSON object : View
Products Affected
moodle
- moodle
CWE
CWE-639
Authorization Bypass Through User-Controlled Key